%% PVS Version 3.2
%% 6.2 [Linux (x86)] (Nov 3, 2004 23:30)
$$$Vectors_rew.pvs
% Vectors_rew: component-wise and cancellation identities for Vect3 addition
% and subtraction, stated as lemmas over the operators imported from Vectors.
% The name suggests they are meant to be installed as rewrite rules
% (presumably via auto-rewrite in the importing theories -- confirm there).
%
% NOTE(review): every proof entry stored for this theory in Vectors_rew.prf
% carries the status `unchecked`, so the lemmas should be re-run through the
% prover before any dependent result is treated as established.
Vectors_rew : THEORY
BEGIN

  IMPORTING Vectors

  v,w, v1, v2 : VAR Vect3
  a,b : VAR real        % declared but not referenced by any lemma below

  % Projection of a vector sum onto each component.
  vr0x: LEMMA (v + w)`x = v`x + w`x
  vr0y: LEMMA (v + w)`y = v`y + w`y
  vr0z: LEMMA (v + w)`z = v`z + w`z

  % Projection of a vector difference onto each component.
  vr1x: LEMMA (v - w)`x = v`x - w`x
  vr1y: LEMMA (v - w)`y = v`y - w`y
  vr1z: LEMMA (v - w)`z = v`z - w`z

  % Adding and then subtracting (or subtracting and then adding) the same
  % vector yields the original vector.
  vr2: LEMMA v1 + v2 - v2 = v1
  vr3: LEMMA v1 - v2 + v2 = v1

END Vectors_rew

$$$Vectors_rew.prf
(Vectors_rew (vr0x 0 (vr0x-1 nil 3287939631 nil ("" (ground) (("" (skosimp*) (("" (grind) nil nil)) nil)) nil) unchecked nil nil nil nil nil)) (vr0y 0 (vr0y-1 nil 3287939631 nil ("" (skosimp*) (("" (grind) nil nil)) nil) unchecked nil nil nil nil nil)) (vr0z 0 (vr0z-1 nil 3287939631 nil ("" (skosimp*) (("" (grind) nil nil)) nil) unchecked nil nil nil nil nil)) (vr1x 0 (vr1x-1 nil 3287939631 nil ("" (grind) nil nil) unchecked nil nil nil nil nil)) (vr1y 0 (vr1y-1 nil 3287939631 nil ("" (grind) nil nil) unchecked nil nil nil nil nil)) (vr1z 0 (vr1z-1 nil 3287939631 nil ("" (grind) nil nil) unchecked nil nil nil nil nil)) (vr2 0 (vr2-1 nil 3287939631 nil ("" (skosimp*) (("" (assert) (("" (expand "+ ") (("" (expand "-") (("" (apply-extensionality 1 :hide? t) nil nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (vr3 0 (vr3-1 nil 3287939631 nil ("" (skosimp*) (("" (expand "-") (("" (expand "+ ") (("" (apply-extensionality 1 :hide?
t) nil nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)))
$$$hd_only_prop.pvs
% hd_only_prop: correctness statements for the heading-only resolution
% components defined in hd_only_algo (line-line, line-circle, circle-circle,
% circle-line, in-circle, out-circle) and for the combined hd_only_algo.
%
% Every *_correct lemma has the same shape: for each solution m in the set
% returned by the named component,
%   - separation?(s, m`ve) holds from the initial relative position s;
%   - separation? (separation_pos? in the in-circle lemmas) holds from
%     s + m`te * m`ve along m`vr;
%   - s + tr*(vo - vi) = s + m`te*m`ve + (tr - m`te)*m`vr, i.e. the two legs
%     end at the relative position the original velocities reach at time tr;
%   - 0 < m`te < tr;
%   - heading_only?(vo, m`ve + vi);
%   - vo`z = (m`vr + vi)`z.
% separation?, separation_pos?, pred_sep?, heading_only?, entry?, exit? and
% hor_speed_gt_0? come from the imported theories; their definitions are not
% restated here.  The fields m`ve, m`te, m`vr are presumably the escape
% velocity, escape time and recovery velocity of a solution, matching the
% VAR comments below -- confirm against common_defs.
%
% NOTE(review): line breaks in this theory were restored from a listing that
% had been collapsed onto a few long lines; formula numbering in the stored
% proof scripts depends on the order of conjuncts, so none were reordered.
%
% NOTE(review): in the part of hd_only_prop.prf reviewed with this theory,
% line_line_root_prep, line_line_hd_correct and c_hd_solution_prop are
% recorded as `unchecked`, line_line_root_correct-4 as `proved`, and the
% file still carries entries for hd_solution_correct, which is commented out
% below.  Re-run the whole proof chain before relying on
% hd_only_algo_correct.
hd_only_prop: THEORY
BEGIN

  IMPORTING hd_only_algo, hd_only,
            line_line_hd_comb,
            line_circle_hd_comb,
            circle_circle_hd_comb,
            circle_line_hd_comb,
            in_circle_hd_comb,
            out_circle_hd_comb,
            Vectors_rew

  % a, b, c, alpha, alpha2, vex, vrx, vry and vrz are used only by the
  % commented-out hd_solution_correct below.

  s  : VAR Vect3    % Relative position
  vo : VAR Vect3    % Ownship absolute velocity
  vi : VAR Vect3    % Intruder absolute velocity
  v  : VAR Vect3    % Relative velocity
  vv : VAR Vect3    % Relative velocity
  ve : VAR Vect3    % Relative escape velocity
  voe : VAR Vect3   % Ownship escape velocity
  vr : VAR Vect3    % Relative recovery velocity
  se : VAR Vect3    % Relative position at the end of the escape maneuver
  sr : VAR Vect3    % Relative position at the end of the escape maneuver,
                    % which is also the final position
                    % NOTE(review): the lemmas constrain sr = s + tr*v with
                    % tr the recovery time, so "escape" here looks copied
                    % from the se comment; presumably "recovery" is meant.
  tr : VAR posreal  % Recovery time
  te : VAR real     % Escape time
  t  : VAR real     % time
  tpp : VAR real    % time
  thp : VAR real    % time
  thpp: VAR real    % time
  m : VAR solution
  a : VAR real
  b : VAR real
  c : VAR real
  A, B, C, E, Ax, Ay, B_x, B_y, SSx, SSy: VAR real
  vex : VAR real
  vrx : VAR real
  vry : VAR real
  vrz : VAR real
  alpha : VAR real
  alpha2 : VAR real
  eps : VAR Sign
  root : VAR bool   % a flag: true = x1 root, false = x2 root
  root2: VAR bool   % a flag: true = x1 root, false = x2 root

%
%
% ----------------------------------------------------------------
%   Proofs of Line-line Components
% ----------------------------------------------------------------
%
%

% (Commented out in the source: older statement phrased over explicit
%  quadratic coefficients a, b, c and the roots x1/x2.)
% hd_solution_correct : LEMMA
%   v = vo - vi AND
%   sr = s + tr*v AND
%   sq(s`x) + sq(s`y) > sq(D) AND
%   sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND
%   sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND
%   sr`y /= 0 AND
%   alpha = alpha_calc(eps,s) AND
%   alpha2 = alpha_calc(eps,sr) AND
%   a = 1 + sq(alpha) AND
%   b = 2*(vi`x + alpha * vi`y) AND
%   c = sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y) AND
%   discr(a, b, c) >= 0 AND
%   (vex = x1(a, b, c) OR vex = x2(a, b, c)) AND
%   ve = (# x:= vex,
%   y:= alpha * vex,
%   z:= v`z #) AND
%   ve`y-alpha2*ve`x /= 0 AND
%   te = tr*(v`y-alpha2*v`x)/(ve`y - alpha2*ve`x) AND
%   tr /= te AND
%   vrx = (tr*v`x-te*vex) / (tr - te) AND
%   vry = alpha2 * vrx AND
%   vrz = v`z AND
%   member(m, hd_solution(ve, vrx, vry, vrz, te, tr))
%   IMPLIES
%   separation?(s, m`ve) AND
%   separation?(s + m`te * m`ve, m`vr) AND
%   s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
%   0 < m`te AND m`te < tr AND
%   heading_only?(vo, m`ve+vi) AND
%   % vo`z = (m`ve+vi)`z AND
%   vo`z = (m`vr+vi)`z

  % Timing and vertical-speed facts about any m accepted by line_line_root,
  % given that s lies outside the horizontal disc of radius D and sr does
  % not lie inside it.  Cited by the stored proof of line_line_root_correct.
  line_line_root_prep: LEMMA
      sq(s`x) + sq(s`y) > sq(D) AND
      sr= s + tr*v AND
      sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND
      sr`y /= 0 AND
      line_line_root(s,sr,vo,vi,tr,eps,root)(m)
    IMPLIES
      0 < m`te AND m`te < tr AND
      vo`z = (m`vr + vi)`z

  % Correctness of one line-line candidate, selected by eps and root.
  line_line_root_correct : LEMMA
      v = vo - vi AND
      sr = s + tr*v AND
      sq(s`x) + sq(s`y) > sq(D) AND
      sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND
      sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND
      sr`y /= 0 AND
      member(m, line_line_root(s, sr, vo, vi, tr, eps, root))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

  % Correctness of the whole line-line solution set; no side conditions are
  % required of the caller here.
  line_line_hd_correct : LEMMA
      member(m, line_line_hd(s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

%
%
% ----------------------------------------------------------------
%   Proofs of Line-circle Components
% ----------------------------------------------------------------
%
%

  % Shape of any m produced by c_hd_solution: it reuses the supplied ve and
  % te, and m`vr is the velocity that covers the remaining displacement in
  % the remaining time tr - te.
  c_hd_solution_prop : LEMMA
      v = vo - vi AND
      sr = s + tr*v AND
      member(m, c_hd_solution(s, ve, vo, vi, te, tpp, tr))
    IMPLIES
      hor_speed_gt_0?(m`ve) AND
      % NOTE(review): the extent of the next comment was reconstructed from
      % a collapsed listing; confirm against the original file whether only
      % the tau conjunct is commented out or whether the comment ran further.
%     tau(s,m`ve) < tpp AND
      tpp < tr AND
      m`te /= tr AND
      0 < m`te AND m`te < tr AND
      entry?(sr+(tpp-tr)*m`vr,m`vr) AND
      vo`z = (m`vr+vi)`z AND
      m`ve = ve AND
      m`te = te AND
      m`vr = (# x:= (tr*v`x-te*ve`x)/(tr-te),
                y:= (tr*v`y-te*ve`y)/(tr-te),
                z:= v`z #)

  % Correctness of one line-circle candidate, selected by eps, root, root2.
  line_circle_root_correct : LEMMA
      v = vo - vi AND
      sr = s + tr*v AND
      sq(s`x) + sq(s`y) > sq(D) AND
      sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND
      member(m, line_circle_root(s, sr, vo, vi, tr, eps, root, root2))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

  % Correctness of the whole line-circle solution set.
  line_circle_hd_correct : LEMMA
      member(m, line_circle_hd(s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

%
%
% ----------------------------------------------------------------
%   Proofs of Circle-circle Components
% ----------------------------------------------------------------
%
%

  % Correctness of circle_circle_root2 when the caller has already computed
  % thp, the quadratic coefficients A, B, C (via E, SSx, SSy) and the
  % ownship escape velocity voe.  The trailing tags are the author's and
  % mark which hypotheses are computations, run-time tests or computed values.
  circle_circle_root2_correct : LEMMA
      v = vo - vi AND
      ve = voe - vi AND
      sr = s + tr*v AND
      v`z /= 0 AND
      thp = theta(-1,s`z,v`z) AND                           % CALCULATION
      SSx = s`x - thp * vi`x AND                            % CALCULATION
      SSy = s`y - thp * vi`y AND                            % CALCULATION
      A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND                 % CALCULATION
      B = 4*(s`x - thp*vi`x)*thp*E AND                      % CALCULATION
      C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
      E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
      A /= 0 AND                                            % TEST AFTER COMPUTATION
      discr(A,B,C) >= 0 AND                                 % TEST AFTER COMPUTATION
      sq(vo`x) + sq(vo`y) >= sq(voe`x) AND                  % TEST AFTER COMPUTATION
%     ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND        % COMPUTED VALUE
      voe`x = Pick_Root(root,A,B,C) AND                     % COMPUTED VALUE
      voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND     % COMPUTED VALUE
      voe`z = vo`z AND                                      % COMPUTED VALUE
      member(m, circle_circle_root2(s, voe, vo, vi, E, thp, tr, root2))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      heading_only?(vo, m`ve+vi) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

  % Correctness of one circle-circle candidate, selected by root and root2.
  circle_circle_root_correct : LEMMA
      member(m, circle_circle_root(s, vo, vi, tr, root, root2))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      heading_only?(vo, m`ve+vi) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

  % Correctness of the whole circle-circle solution set.
  circle_circle_hd_correct : LEMMA
      member(m, circle_circle_hd(s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

%
%
% ----------------------------------------------------------------
%   Proofs of Circle-line Components
% ----------------------------------------------------------------
%
%

  % Shape of any m produced by cl_solution: m`ve is the supplied ve, m`te
  % and m`vr are given in closed form through alpha_calc(eps,sr), and the
  % non-zero side conditions needed by those divisions are part of the
  % conclusion.
  cl_solution_prop : LEMMA
      v = vo - vi AND
      sr = s + tr*v AND
      ve = voe - vi AND
      member(m, cl_solution(s, voe, vo, vi, E, thp, tr, eps))
    IMPLIES
      exit?(s + thp * ve, ve) AND
      sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND
      sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND
      sr`y /= 0 AND
      ve`y-alpha_calc(eps,sr)*ve`x /= 0 AND
      m`te = tr*(v`y-alpha_calc(eps,sr)*v`x)/(ve`y-alpha_calc(eps,sr)*ve`x) AND
      tr /= m`te AND
      0 < m`te AND m`te < tr AND
      m`ve = ve AND
      m`vr = (# x:= (tr*v`x-m`te*ve`x)/(tr-m`te),
                y:= alpha_calc(eps,sr)*(tr*v`x-m`te*ve`x)/(tr-m`te),
                z:= v`z #) AND
      hor_speed_gt_0?(m`vr) AND
      vo`z = (m`vr+vi)`z

  % Timing and vertical-speed facts about any m accepted by circle_line_root.
  circle_line_root_prep: LEMMA
      circle_line_root(s,vo,vi,tr,root,eps)(m)
    IMPLIES
      0 < m`te AND m`te < tr AND
      vo`z = (m`vr + vi)`z

  % Correctness of one circle-line candidate, selected by root and eps.
  circle_line_root_correct : LEMMA
      member(m, circle_line_root(s, vo, vi, tr, root, eps))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      heading_only?(vo, m`ve+vi) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

  % Correctness of the whole circle-line solution set.
  circle_line_hd_correct : LEMMA
      member(m, circle_line_hd(s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

  % In-circle component: shape of any m produced by ic_solution.  The escape
  % time is thpp and m`vr is expressed through the absolute velocities.
  ic_solution_prop : LEMMA
      v = vo - vi AND
      ve = voe - vi AND
      te = thpp AND
      member(m, ic_solution(s, voe, vo, vi, thpp, tr))
    IMPLIES
      entry?(s + thpp * ve, ve) AND
      0 < m`te AND m`te < tr AND
      m`ve = ve AND
      m`te = thpp AND
      m`vr = (# x:= (te*voe`x - tr*vo`x)/(thpp - tr) - vi`x,
                y:= (te*voe`y - tr*vo`y)/(thpp - tr) - vi`y,
                z:= v`z #) AND
      vo`z = m`vr`z + vi`z

% (Commented out in the source.)
% in_circle_root_prop : LEMMA
%   member(m, in_circle_root(s, vo, vi, tr,root))
%   IMPLIES
%   sq(vo`x) + sq(vo`y) >= sq(m`ve`x + vi`x) AND
%   m`ve`y + vi`y =
%   sqrt(sq(vo`x) + sq(vo`y) - sq(m`ve`x + vi`x)) AND
%   m`ve`z + vi`z = vo`z AND
%   theta(1, s`z, vo`z - vi`z) = m`te AND
%   vo`z - vi`z /= 0 AND
%   4 * (sq(theta(1, s`z, vo`z - vi`z)) *
%   sq(s`x - theta(1, s`z, vo`z - vi`z) * vi`x)) +
%   4 * (sq(theta(1, s`z, vo`z - vi`z)) *
%   sq(s`y - theta(1, s`z, vo`z - vi`z) * vi`y)) /= 0 AND
%   sign(-2 * (m`ve`y * s`y * m`te) - 2 * (s`y * vi`y * m`te)
%   + 2 * (m`ve`y * vi`y * m`te * m`te)
%   + 2 * (vi`y * vi`y * m`te * m`te))
%   =
%   sign(sq(s`x - m`te * vi`x) + sq(s`y - m`te * vi`y) +
%   sq(m`te) * sq(vo`x)
%   + sq(m`te) * sq(vo`y)
%   - sq(D)
%   - 2 * (m`ve`x * vi`x * m`te * m`te)
%   - 2 * (vi`x * vi`x * m`te * m`te)
%   + 2 * (m`ve`x * s`x * m`te)
%   + 2 * (s`x * vi`x * m`te))

  % Timing and vertical-speed facts about any m accepted by in_circle_root.
  in_circle_root_prep : LEMMA
      in_circle_root(s,vo,vi,tr,root)(m)
    IMPLIES
      0 < m`te AND m`te < tr AND
      vo`z = m`vr`z + vi`z

  % Correctness of one in-circle candidate.  Unlike the other components,
  % the recovery leg is stated with separation_pos? rather than separation?.
  in_circle_root_correct : LEMMA
      member(m, in_circle_root(s, vo, vi, tr,root))
    IMPLIES
      separation?(s, m`ve) AND
      heading_only?(vo, m`ve+vi) AND
      separation_pos?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      vo`z = m`vr`z+vi`z

  % Correctness of the whole in-circle solution set (recovery leg again
  % stated with separation_pos?).
  in_circle_hd_correct : LEMMA
      member(m, in_circle_hd(s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation_pos?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`vr+vi)`z
      vo`z = m`vr`z+vi`z

  % Out-circle component: shape of any m produced by oc_solution.  The
  % escape time is thp; exit? is asserted for both m`ve and m`vr at the
  % position s + thp * ve.
  oc_solution_prop : LEMMA
      v = vo - vi AND
      ve = voe - vi AND
      te = thp AND
      member(m, oc_solution(s, voe, vo, vi, thp, tr))
    IMPLIES
      exit?(s + thp * ve, m`ve) AND
      exit?(s + thp * ve, m`vr) AND
      0 < m`te AND m`te < tr AND
      m`ve = ve AND
      m`te = thp AND
      m`vr = (# x:= (te*voe`x - tr*vo`x)/(thp - tr) - vi`x,
                y:= (te*voe`y - tr*vo`y)/(thp - tr) - vi`y,
                z:= v`z #) AND
      vo`z = m`vr`z + vi`z

  % Timing and vertical-speed facts about any m accepted by out_circle_root.
  out_circle_root_prep : LEMMA
      out_circle_root(s,vo,vi,tr,root)(m)
    IMPLIES
      0 < m`te AND m`te < tr AND
      vo`z = (m`vr+vi)`z

  % Correctness of one out-circle candidate.
  out_circle_root_correct : LEMMA
      member(m, out_circle_root(s, vo, vi, tr,root))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      heading_only?(vo, m`ve+vi) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      vo`z = (m`vr+vi)`z

  % Correctness of the whole out-circle solution set.
  out_circle_hd_correct : LEMMA
      member(m, out_circle_hd(s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
      vo`z = (m`vr+vi)`z

%
%
% -----------------------------------------------------------
%   Proofs of Heading-Speed Only
% -----------------------------------------------------------
%
%

  % Top-level result for hd_only_algo.  Note that both legs are stated with
  % the time-bounded predicate pred_sep? (over m`te and tr - m`te
  % respectively) rather than separation? as in the component lemmas.
  hd_only_algo_correct : THEOREM
      member(m, hd_only_algo(s, vo, vi, tr))
    IMPLIES
      pred_sep?(s, m`ve, m`te) AND
      pred_sep?(s + m`te * m`ve, m`vr, tr - m`te) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      heading_only?(vo, m`ve+vi) AND
%     vo`z = (m`ve+vi)`z AND
      vo`z = (m`vr+vi)`z

END hd_only_prop

$$$hd_only_prop.prf
(hd_only_prop (hd_solution_correct_TCC1 0 (hd_solution_correct_TCC1-1 nil 3287939638 3311676679 ("" (skosimp*) (("" (assert) (("" (ground) (("" (mult-cases -2) (("1"
(expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 709 640 nil nil)) (hd_solution_correct_TCC2 0 (hd_solution_correct_TCC2-1 nil 3287939638 3311676679 ("" (skosimp*) (("" (assert) (("" (ground) (("" (mult-cases -2) (("" (expand "sq") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 642 590 nil nil)) (hd_solution_correct_TCC3 0 (hd_solution_correct_TCC3-1 nil 3287939638 3311676679 ("" (skosimp*) (("" (hide -5 -6) (("" (hide-all-but (-5 -8)) (("" (assert) nil nil)) nil)) nil)) nil) proved nil 209 150 t nil)) (hd_solution_correct_TCC4 0 (hd_solution_correct_TCC4-1 nil 3287939638 3311676680 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 897 840 t nil)) (hd_solution_correct 0 (hd_solution_correct-1 nil 3287939638 3311598056 ("" (skosimp*) (("" (lemma "llhd") (("" (inst?) 
(("" (inst - "alpha!1" "alpha2!1" "eps!1" "s!1+tr!1*v!1" "vi!1" "vo!1" "m!1`ve + vi!1") (("" (assert) (("" (case "m!1`ve = m!1`ve + vi!1 - vi!1") (("1" (assert) (("1" (expand "member") (("1" (expand "hd_solution") (("1" (split -19) (("1" (flatten) (("1" (assert) (("1" (expand "singleton") (("1" (assert) (("1" (replace -21) (("1" (hide -21) (("1" (replace -21) (("1" (hide -21) (("1" (replace -21) (("1" (hide -21) (("1" (replace -8) (("1" (hide -8) (("1" (replace -18) (("1" (hide -18) (("1" (split -17) (("1" (assert) (("1" (flatten) (("1" (assert) (("1" (expand "+" 5) (("1" (replace -6 5) (("1" (assert) (("1" (expand "-" 5) (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (flatten) (("2" (assert) (("2" (replace -6 5) (("2" (expand "+" 5) (("2" (expand "-" 5) (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -3) (("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (expand "+") (("2" (expand "-") (("2" (apply-extensionality) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((llhd formula-decl nil line_line_hd_comb nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (member const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (emptyset const-decl "set" sets nil) (hd_solution const-decl "set[solution]" hd_only_algo 
nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (solution type-eq-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 69678 68620 nil nil)) (line_line_root_prep_TCC1 0 (line_line_root_prep_TCC1-1 nil 3311615590 3311676681 ("" (skosimp*) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 555 510 t nil)) (line_line_root_prep_TCC2 0 (line_line_root_prep_TCC2-1 nil 3311675757 3311676681 ("" (skosimp*) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) (("" (replace -2) (("" (assert) (("" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl 
"nonneg_real" sq "reals/")) 459 420 t nil)) (line_line_root_prep 0 (line_line_root_prep-1 nil 3311615730 3311673745 ("" (skosimp*) (("" (auto-rewrite "member") (("" (lemma "line_line_root_lem") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "hd_solution_lem") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (expand "+ ") (("" (expand "-") (("" (assert) (("" (hide -1 -2) (("" (replace -3) (("" (hide -3) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((line_line_root_lem formula-decl nil hd_only_algo nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (hd_solution_lem formula-decl nil hd_only_algo nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" 
number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (sq const-decl "nonneg_real" sq "reals/") (D const-decl "posreal" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (alpha_calc const-decl "real" hd_only nil) (Pick_Root const-decl "real" common_defs nil) (+ const-decl "Vect3" Vectors nil)) 58013430 220460 nil nil)) (line_line_root_correct 0 (line_line_root_correct-4 "new" 3311612917 3311677073 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (assert) (("" (lemma "llhd_pred") (("" (assert) (("" (inst - "eps!1" "root!1" "s!1" "m!1`te" "tr!1" "vi!1" "vo!1" "m!1`ve + vi!1" "m!1`vr") (("" (split -1) (("1" (flatten) (("1" (assert) (("1" (case-replace "m!1`ve + vi!1 - vi!1 = m!1`ve") (("1" (assert) (("1" (lemma "line_line_root_prep") (("1" (inst?) (("1" (assert) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil)) nil)) nil) ("2" (hide 4) (("2" (lemma "line_line_root_lem") (("2" (inst?) (("2" (assert) (("2" (flatten) (("2" (expand "llhd_pred") (("2" (assert) (("2" (lemma "hd_solution_lem") (("2" (inst?) 
(("2" (assert) (("2" (flatten) (("2" (replace -5) (("2" (expand "-") (("2" (expand "+ ") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((llhd_pred formula-decl nil line_line_hd_comb nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (+ const-decl "Vect3" Vectors nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (sq const-decl "nonneg_real" sq "reals/") (D const-decl "posreal" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (alpha_calc const-decl "real" 
hd_only nil) (Pick_Root const-decl "real" common_defs nil) (hd_solution_lem formula-decl nil hd_only_algo nil) (llhd_pred const-decl "bool" line_line_hd_comb nil) (line_line_root_lem formula-decl nil hd_only_algo nil) (- const-decl "Vect3" Vectors nil) (line_line_root_prep formula-decl nil hd_only_prop nil) (member const-decl "bool" sets nil)) 326288 57660 t nil) (line_line_root_correct-3 "new" 3311071135 3311598088 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (auto-rewrite "member") (("" (lemma "hd_solution_correct" ("m" "m!1" "vi" "vi!1" "vo" "vo!1" "tr" "tr!1" "s" "s!1" "v" "v!1" "sr" "sr!1" "vrz" "v!1`z" "eps" "eps!1")) (("" (assert :quant-simp? t) (("" (lemma "line_line_root_discr") (("" (inst?) (("" (assert) (("" (lemma "line_line_root_lem") (("" (inst?) (("" (assert) (("" (assert) (("" (expand "line_line_root") (("" (assert) (("" (name "R1" "root(1 + sq(alpha_calc(eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc(eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y), 1)") (("" (replace -1) (("" (name "R2" "root(1 + sq(alpha_calc(eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc(eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y), -1)") (("" (replace -1) (("" (case "root!1") (("1" (inst -6 "R1") (("1" (assert) (("1" (ground) nil nil)) nil)) nil) ("2" (inst -5 "R2") (("2" (assert) (("2" (split -5) (("1" (propax) nil nil) ("2" (flatten) nil nil) ("3" (flatten) (("3" (ground) nil nil)) nil) ("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished ((posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil 
number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (hd_solution_correct formula-decl nil hd_only_prop nil) (emptyset const-decl "set" sets nil) (alpha_calc const-decl "real" hd_only nil) (root const-decl "real" quadratic "reals/") (Sign type-eq-decl nil sign "reals/") (nzint nonempty-type-eq-decl nil integers nil) (discr const-decl "real" quadratic "reals/") (nonzero_real nonempty-type-eq-decl nil reals nil) (line_line_root const-decl "set[solution]" hd_only_algo nil) (line_line_root_lem formula-decl nil hd_only_algo nil) (alpha_type type-eq-decl nil hd_only nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (/= const-decl "boolean" notequal nil) (D const-decl "posreal" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (IF const-decl "[boolean, T, T -> T]" if_def nil) (member const-decl "bool" sets nil)) 31484 24710 t nil) (line_line_root_correct-2 "new" 3311070884 3311071103 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (lemma "hd_solution_correct" ("m" "m!1" "vi" "vi!1" "vo" "vo!1" "tr" "tr!1" "s" "s!1" "v" "v!1" "sr" "sr!1" "vrz" "v!1`z" "eps" "eps!1")) (("" (assert :quant-simp? 
t) (("" (expand "member") (("" (assert) (("" (expand "line_line_root") (("" (assert) (("" (lemma "line_line_root_discr") (("" (inst?) (("1" (name "R1" "root(1 + sq(alpha_calc(eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc(eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y), 1)") (("1" (replace -1) (("1" (name "R2" "root(1 + sq(alpha_calc(eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc(eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y), -1)") (("1" (replace -1) (("1" (lemma "line_line_root_discr") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (postpone) nil nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (postpone) nil nil) ("3" (postpone) nil nil)) nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 217253 11900 t nil) (new "new" 3311004987 3311070843 ("" (skosimp*) (("" (lemma "hd_solution_correct" ("m" "m!1" "vi" "vi!1" "vo" "vo!1" "tr" "tr!1" "s" "s!1" "v" "v!1" "sr" "sr!1" "vrz" "v!1`z" "eps" "eps!1")) (("" (assert :quant-simp? t) (("" (expand "member") (("" (assert) (("" (expand "line_line_root") (("" (assert) (("" (expand "emptyset") (("" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 899805 84140 t shostak) (line_line_root_correct-1 nil 3287939638 3288105295 ("" (skosimp*) (("" (lemma "hd_solution_correct") (("" (inst?) (("" (inst?) 
(("" (inst - "_" "alpha_calc(eps!1, s!1)" "alpha_calc(eps!1, sr!1)" "_" "_" "eps!1" "_" "_" "_" "_" "_" "_") (("1" (expand "member") (("1" (expand "line_line_root") (("1" (split -6) (("1" (flatten) (("1" (split -2) (("1" (flatten) (("1" (split -1) (("1" (flatten) (("1" (case "root!1") (("1" (assert) (("1" (inst - "x1(1 + sq(alpha_calc(eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc(eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y))") (("1" (assert) nil nil) ("2" (hide 2 3 6) (("2" (hide -2) (("2" (ground) (("2" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (assert) (("2" (inst - "x2(1 + sq(alpha_calc(eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc(eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y))") (("1" (split -3) (("1" (propax) nil nil) ("2" (assert) nil nil) ("3" (assert) nil nil) ("4" (assert) nil nil)) nil) ("2" (hide 3 4 7 -1) (("2" (ground) (("2" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (hide 4) (("2" (ground) (("2" (mult-cases -2) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("3" (hide 4) (("3" (ground) (("3" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished ((hd_solution_correct formula-decl nil hd_only_prop nil) (member const-decl "bool" sets nil) (TRUE const-decl "bool" booleans nil) (root const-decl "real" quadratic "reals/") (Sign 
type-eq-decl nil sign nil) (nzint nonempty-type-eq-decl nil integers nil) (discr const-decl "real" quadratic "reals/") (nonzero_real nonempty-type-eq-decl nil reals nil) (zero_times3 formula-decl nil real_props nil) (emptyset const-decl "set" sets nil) (line_line_root const-decl "set[solution]" hd_only_algo nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (alpha_calc const-decl "real" hd_only nil) (alpha_type type-eq-decl nil hd_only nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (= const-decl "[T, T -> boolean]" equalities nil) (sq const-decl "nonneg_real" sq "reals/") (D const-decl "posreal" criteria nil) (/= const-decl "boolean" notequal nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 12659 12500 nil nil)) (line_line_hd_correct 0 (line_line_hd_correct-1 nil 3287939638 3311598089 ("" (skosimp*) (("" (lemma 
"line_line_root_correct") (("" (inst?) (("" (inst - "_" "_" "s!1+tr!1*(vo!1-vi!1)" "vo!1-vi!1") (("" (expand "member") (("" (expand "line_line_hd") (("" (split -2) (("1" (expand "union") (("1" (expand "member") (("1" (flatten) (("1" (assert) (("1" (split -3) (("1" (inst?) (("1" (assert) nil nil)) nil) ("2" (inst?) (("2" (assert) nil nil)) nil) ("3" (inst?) (("3" (assert) nil nil)) nil) ("4" (inst?) (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((line_line_root_correct formula-decl nil hd_only_prop nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (line_line_hd const-decl "set[solution]" hd_only_algo nil) (emptyset const-decl "set" sets nil) (union const-decl "set" sets nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (TRUE const-decl "bool" booleans nil) (FALSE const-decl "bool" booleans nil) (member const-decl "bool" sets nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl 
nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 766 710 nil nil)) (c_hd_solution_prop_TCC1 0 (c_hd_solution_prop_TCC1-1 nil 3287939638 3311676681 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 122 120 nil nil)) (c_hd_solution_prop 0 (c_hd_solution_prop-1 nil 3287939638 3311598090 ("" (skosimp*) (("" (replace -2) (("" (hide -2) (("" (replace -1) (("" (hide -1) (("" (expand "member") (("" (expand "c_hd_solution") (("" (split -) (("1" (flatten) (("1" (split -) (("1" (flatten) (("1" (assert) (("1" (expand "singleton") (("1" (replace -2) (("1" (hide -2) (("1" (expand "+") (("1" (expand "-") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (+ const-decl "Vect3" Vectors nil) (singleton const-decl "(singleton?)" sets nil) (emptyset const-decl "set" sets nil) (c_hd_solution const-decl "set[solution]" hd_only_algo nil)) 1054 910 nil nil)) (line_circle_root_correct_TCC1 0 (line_circle_root_correct_TCC1-1 nil 3311675876 3311676682 ("" (skosimp*) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 635 590 t nil)) (line_circle_root_correct 0 (line_circle_root_correct-3 nil 3311092693 3311598147 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (lemma "lchd_pred") (("" 
(assert) (("" (inst - "eps!1" "root!1" "root2!1" "s!1" "m!1`te" "tr!1" "vi!1" "vo!1" "m!1`ve + vi!1" "m!1`vr") (("" (assert) (("" (case-replace "m!1`ve + vi!1 - vi!1 = m!1`ve") (("1" (assert) (("1" (split -2) (("1" (flatten) (("1" (assert) (("1" (lemma "line_circle_root_lem") (("1" (assert :quant-simp? t) (("1" (inst?) (("1" (inst - "333333333333") (("1" (assert) (("1" (flatten) (("1" (assert) (("1" (lemma "c_hd_solution_prop") (("1" (assert) (("1" (assert :quant-simp? t) (("1" (inst?) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 3) (("2" (lemma "line_circle_root_lem") (("2" (assert :quant-simp? t) (("2" (inst?) (("2" (inst - "333333333333") (("2" (assert) (("2" (lemma "c_hd_solution_prop") (("2" (assert :quant-simp? t) (("2" (inst?) (("2" (flatten) (("2" (assert) (("2" (flatten) (("2" (expand "lchd_pred") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((lchd_pred formula-decl nil line_circle_hd_comb nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> 
numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (+ const-decl "Vect3" Vectors nil) (nzreal nonempty-type-eq-decl nil reals nil) (c_hd_solution_prop formula-decl nil hd_only_prop nil) (Pick_Root const-decl "real" common_defs nil) (theta const-decl "real" criteria nil) (alpha_calc const-decl "real" hd_only nil) (alpha_type type-eq-decl nil hd_only nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (/= const-decl "boolean" notequal nil) (D const-decl "posreal" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (IF const-decl "[boolean, T, T -> T]" if_def nil) (line_circle_root_lem formula-decl nil hd_only_algo nil) (lchd_pred const-decl "bool" line_circle_hd_comb nil) (member const-decl "bool" sets nil)) 55870 54460 t nil) (new "new" 3311079433 3311080717 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (lemma "lchd_let") (("" (assert) (("" (inst - "eps!1" "root!1" "root2!1" "s!1" "m!1`te" "tr!1" "vi!1" "vo!1" "m!1`ve + vi!1" "m!1`vr") (("" (assert) (("" (split -1) (("1" (flatten) (("1" (assert) (("1" (real-props) (("1" (case-replace "m!1`ve + vi!1 - vi!1 = m!1`ve") (("1" (assert) (("1" (lemma "c_hd_solution_prop") (("1" (postpone) nil nil)) nil)) nil) ("2" (assert) (("2" (hide-all-but 1) (("2" (expand "+ ") (("2" (expand "-") (("2" (apply-extensionality 1 :hide? 
t) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (expand "-") (("2" (assert) (("2" (expand "line_circle_root") (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("3" (postpone) nil nil) ("4" (postpone) nil nil) ("5" (postpone) nil nil) ("6" (postpone) nil nil) ("7" (postpone) nil nil) ("8" (postpone) nil nil) ("9" (postpone) nil nil) ("10" (postpone) nil nil) ("11" (postpone) nil nil) ("12" (postpone) nil nil) ("13" (postpone) nil nil) ("14" (postpone) nil nil) ("15" (postpone) nil nil) ("16" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 932386 79270 t shostak) (line_circle_root_correct-2 nil 3288361914 nil ("" (skosimp*) (("" (expand "member") (("" (expand "line_circle_root") (("" (split -4) (("1" (name-replace "VEX" " IF root!1 THEN root(1 + sq (alpha_calc (eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc (eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y),1) ELSE root (1 + sq (alpha_calc (eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc (eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y),-1) ENDIF" nil) (("1" (expand "-") (("1" (expand "+") (("1" (expand "*") (("1" (flatten) (("1" (split -3) (("1" (flatten) (("1" (name-replace "TE1" "root(sq(sr!1`x + theta(1, s!1`z, vo!1`z - vi!1`z) * VEX - VEX * tr!1) + sq(sr!1`y - alpha_calc(eps!1, s!1) * VEX * tr!1 + alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX) - sq(D), 2 * (sq(D) * tr!1) - 2 * (s!1`x * sr!1`x * tr!1) - 2 * (s!1`y * sr!1`y * tr!1) - 2 * (s!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (sr!1`x * vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) - 2 * (sr!1`y * vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) - 2 * (s!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * (vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * 
VEX * tr!1) - 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (s!1`x * VEX * tr!1 * tr!1) + 2 * (sr!1`x * vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (sr!1`y * vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (s!1`y * alpha_calc(eps!1, s!1) * VEX * tr!1 * tr!1) + 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) + 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1), sq(s!1`x + vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) + sq(s!1`y + vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) - sq(D) * sq(tr!1),1)" nil) (("1" (name-replace "TE2" "root(sq(sr!1`x + theta(1, s!1`z, vo!1`z - vi!1`z) * VEX - VEX * tr!1) + sq(sr!1`y - alpha_calc(eps!1, s!1) * VEX * tr!1 + alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX) - sq(D), 2 * (sq(D) * tr!1) - 2 * (s!1`x * sr!1`x * tr!1) - 2 * (s!1`y * sr!1`y * tr!1) - 2 * (s!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (sr!1`x * vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) - 2 * (sr!1`y * vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) - 2 * (s!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * (vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z 
- vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (s!1`x * VEX * tr!1 * tr!1) + 2 * (sr!1`x * vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (sr!1`y * vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (s!1`y * alpha_calc(eps!1, s!1) * VEX * tr!1 * tr!1) + 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) + 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1), sq(s!1`x + vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) + sq(s!1`y + vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) - sq(D) * sq(tr!1),-1)" nil) (("1" (lemma "c_hd_solution_prop") (("1" (inst?) (("1" (inst - "m!1" "s!1+tr!1*(vo!1-vi!1)" "vo!1-vi!1") (("1" (expand "member") (("1" (assert) (("1" (lemma "lchd") (("1" (assert) (("1" (inst - "eps!1" "s!1" "IF root2!1 THEN TE1 ELSE TE2 ENDIF" "tr!1" "vi!1" "vo!1" "_" "m!1`vr") (("1" (inst - "m!1`ve + vi!1") (("1" (expand "+") (("1" (expand "-") (("1" (expand "*") (("1" (assert) (("1" (split -2) (("1" (flatten) (("1" (assert) (("1" (replace -7) (("1" (hide -7) (("1" (replace -7) (("1" (hide -7) (("1" (replace -7) (("1" (hide -7) (("1" (case "root!1") (("1" (replace -1) (("1" (case "root2!1") (("1" (replace -1) (("1" (assert) (("1" (flatten) (("1" (assert) nil))))))) ("2" (replace 1) (("2" (assert) (("2" (flatten) (("2" (assert) nil))))))))))) ("2" (case "root2!1") (("1" (replace -1) (("1" (assert) (("1" (replace 1) (("1" (assert) (("1" (flatten) (("1" (assert) nil))))))))))) ("2" (replace 1) (("2" (assert) (("2" (assert) (("2" (replace -12) (("2" (flatten) (("2" (assert) nil))))))))))))))))))))))))))))))) ("2" (propax) nil))))))))))))))))))))))))) ("2" 
(hide-all-but (-9 1)) (("2" (expand "sq") (("2" (ground) (("2" (mult-cases -2) nil))))))) ("3" (assert) nil))))) ("2" (assert) nil) ("3" (hide-all-but (-8 1)) (("3" (expand "sq") (("3" (ground) (("3" (mult-cases -2) nil))))))) ("4" (assert) nil))) ("2" (assert) nil) ("3" (hide-all-but (-7 1)) (("3" (expand "sq") (("3" (ground) (("3" (mult-cases -2) nil))))))) ("4" (assert) nil))))) ("2" (assert) (("2" (flatten) (("2" (assert) (("2" (expand "emptyset") (("2" (propax) nil))))))))))))))))))) ("2" (flatten) nil) ("3" (flatten) (("3" (hide-all-but 2) (("3" (reveal -5) (("3" (expand "sq") (("3" (ground) (("3" (mult-cases -2) nil))))))))))) ("4" (flatten) nil) ("5" (flatten) (("5" (hide-all-but 1) (("5" (expand "sq") (("5" (reveal -6) (("5" (expand "sq") (("5" (ground) (("5" (mult-cases -2) nil))))))))))))))) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil)))))))))))) nil) unfinished nil nil nil nil nil) (line_circle_root_correct-1 nil 3288361834 3311081075 ("" (skosimp*) (("" (expand "member") (("" (expand "line_circle_root") (("" (split -4) (("1" (name-replace "VEX" " IF root!1 THEN x1 (1 + sq (alpha_calc (eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc (eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y)) ELSE x2 (1 + sq (alpha_calc (eps!1, s!1)), 2 * vi!1`x + 2 * (vi!1`y * alpha_calc (eps!1, s!1)), sq(vi!1`x) + sq(vi!1`y) - sq(vo!1`x) - sq(vo!1`y)) ENDIF" nil) (("1" (expand "-") (("1" (expand "+") (("1" (expand "*") (("1" (flatten) (("1" (split -3) (("1" (flatten) (("1" (name-replace "TE1" "x1(sq(sr!1`x + theta(1, s!1`z, vo!1`z - vi!1`z) * VEX - VEX * tr!1) + sq(sr!1`y - alpha_calc(eps!1, s!1) * VEX * tr!1 + alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX) - sq(D), 2 * (sq(D) * tr!1) - 2 * (s!1`x * sr!1`x * tr!1) - 2 * (s!1`y * sr!1`y * tr!1) - 2 * (s!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (sr!1`x * vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) - 2 * (sr!1`y * vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) 
* tr!1) - 2 * (s!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * (vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (s!1`x * VEX * tr!1 * tr!1) + 2 * (sr!1`x * vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (sr!1`y * vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (s!1`y * alpha_calc(eps!1, s!1) * VEX * tr!1 * tr!1) + 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) + 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1), sq(s!1`x + vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) + sq(s!1`y + vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) - sq(D) * sq(tr!1))" nil) (("1" (name-replace "TE2" "x2(sq(sr!1`x + theta(1, s!1`z, vo!1`z - vi!1`z) * VEX - VEX * tr!1) + sq(sr!1`y - alpha_calc(eps!1, s!1) * VEX * tr!1 + alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX) - sq(D), 2 * (sq(D) * tr!1) - 2 * (s!1`x * sr!1`x * tr!1) - 2 * (s!1`y * sr!1`y * tr!1) - 2 * (s!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (sr!1`x * vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) - 2 * (sr!1`y * vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) - 2 * (s!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * 
(vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) - 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) - 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (s!1`x * VEX * tr!1 * tr!1) + 2 * (sr!1`x * vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (sr!1`y * vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) * tr!1) + 2 * (s!1`y * alpha_calc(eps!1, s!1) * VEX * tr!1 * tr!1) + 2 * (vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1) + 2 * (vi!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1) + 2 * (vo!1`y * alpha_calc(eps!1, s!1) * theta(1, s!1`z, vo!1`z - vi!1`z) * VEX * tr!1 * tr!1), sq(s!1`x + vo!1`x * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`x * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) + sq(s!1`y + vo!1`y * theta(1, s!1`z, vo!1`z - vi!1`z) - vi!1`y * theta(1, s!1`z, vo!1`z - vi!1`z)) * sq(tr!1) - sq(D) * sq(tr!1))" nil) (("1" (lemma "c_hd_solution_prop") (("1" (inst?) 
(("1" (inst - "m!1" "s!1+tr!1*(vo!1-vi!1)" "vo!1-vi!1") (("1" (expand "member") (("1" (assert) (("1" (lemma "lchd") (("1" (assert) (("1" (inst - "eps!1" "s!1" "IF root2!1 THEN TE1 ELSE TE2 ENDIF" "tr!1" "vi!1" "vo!1" "_" "m!1`vr") (("1" (inst - "m!1`ve + vi!1") (("1" (expand "+") (("1" (expand "-") (("1" (expand "*") (("1" (assert) (("1" (split -2) (("1" (flatten) (("1" (assert) (("1" (replace -7) (("1" (hide -7) (("1" (replace -7) (("1" (hide -7) (("1" (replace -7) (("1" (hide -7) (("1" (case "root!1") (("1" (replace -1) (("1" (case "root2!1") (("1" (replace -1) (("1" (assert) (("1" (flatten) (("1" (assert) nil))))))) ("2" (replace 1) (("2" (assert) (("2" (flatten) (("2" (assert) nil))))))))))) ("2" (case "root2!1") (("1" (replace -1) (("1" (assert) (("1" (replace 1) (("1" (assert) (("1" (flatten) (("1" (assert) nil))))))))))) ("2" (replace 1) (("2" (assert) (("2" (assert) (("2" (replace -12) (("2" (flatten) (("2" (assert) nil))))))))))))))))))))))))))))))) ("2" (propax) nil))))))))))))))))))))))))) ("2" (hide-all-but (-9 1)) (("2" (expand "sq") (("2" (ground) (("2" (mult-cases -2) nil))))))) ("3" (assert) nil))))) ("2" (assert) nil) ("3" (hide-all-but (-8 1)) (("3" (expand "sq") (("3" (ground) (("3" (mult-cases -2) nil))))))) ("4" (assert) nil))) ("2" (assert) nil) ("3" (hide-all-but (-7 1)) (("3" (expand "sq") (("3" (ground) (("3" (mult-cases -2) nil))))))) ("4" (assert) nil))))) ("2" (assert) (("2" (flatten) (("2" (assert) (("2" (expand "emptyset") (("2" (propax) nil))))))))))))))))))) ("2" (flatten) nil) ("3" (flatten) (("3" (hide-all-but 2) (("3" (reveal -5) (("3" (expand "sq") (("3" (ground) (("3" (mult-cases -2) nil))))))))))) ("4" (flatten) nil) ("5" (flatten) (("5" (hide-all-but 1) (("5" (expand "sq") (("5" (reveal -6) (("5" (expand "sq") (("5" (ground) (("5" (mult-cases -2) nil))))))))))))))) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil)))))))))))) nil) unfinished nil 266560 14720 t nil)) (line_circle_hd_correct 0 (line_circle_hd_correct-1 
nil 3287939638 3311598148 ("" (skosimp*) (("" (expand "member") (("" (expand "line_circle_hd") (("" (auto-rewrite "emptyset") (("" (split -1) (("1" (expand "union") (("1" (expand "member") (("1" (flatten) (("1" (lemma "line_circle_root_correct") (("1" (expand "member") (("1" (split -3) (("1" (inst?) (("1" (assert) (("1" (inst?) nil nil)) nil)) nil) ("2" (inst?) (("2" (inst?) (("2" (assert) nil nil)) nil)) nil) ("3" (inst?) (("3" (inst?) (("3" (assert) nil nil)) nil)) nil) ("4" (inst?) (("4" (inst?) (("4" (assert) nil nil)) nil)) nil) ("5" (inst?) (("5" (inst?) (("5" (assert) nil nil)) nil)) nil) ("6" (inst?) (("6" (inst?) (("6" (assert) nil nil)) nil)) nil) ("7" (inst?) (("7" (inst?) (("7" (assert) nil nil)) nil)) nil) ("8" (inst?) (("8" (inst?) (("8" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (emptyset const-decl "set" sets nil) (union const-decl "set" sets nil) (FALSE const-decl "bool" booleans nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (TRUE 
const-decl "bool" booleans nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (line_circle_root_correct formula-decl nil hd_only_prop nil) (line_circle_hd const-decl "set[solution]" hd_only_algo nil)) 1400 1330 t nil)) (circle_circle_root2_correct_TCC1 0 (circle_circle_root2_correct_TCC1-1 nil 3287939638 3311676683 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1236 1150 nil nil)) (circle_circle_root2_correct 0 (circle_circle_root2_correct-2 nil 3311355598 3311598220 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (expand "member") (("" (lemma "cchd_pred") (("" (inst?) (("" (inst - "root!1" "root2!1" "sr!1" "vi!1" "vo!1" "voe!1") (("" (replace -2 * rl) (("" (lemma "circle_circle_root2_lem") (("" (inst?) (("" (assert) (("" (flatten) (("" (lemma "c_hd_solution_prop") (("" (inst?) 
(("" (inst - "m!1" "sr!1" "v!1") (("" (assert) (("" (replace -5 * rl) (("" (replace -6 * rl) (("" (flatten) (("" (split -12) (("1" (case-replace "voe!1 - vi!1 + vi!1 = voe!1") (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil) ("2" (hide 6) (("2" (expand "cchd_pred") (("2" (expand "circle_circle_root2") (("2" (assert) (("2" (replace -15 * rl) (("2" (replace -13 * rl) (("2" (replace -7) (("2" (ground) (("2" (replace -15) (("2" (expand "-") (("2" (hide -10 -11 -12 -13) (("2" (hide 3) (("2" (replace -10 +) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (solution type-eq-decl nil common_defs nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (Pick_Root const-decl "real" common_defs nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) 
(integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) (D const-decl "posreal" criteria nil) (cchd_pred const-decl "bool" circle_circle_hd_comb nil) (emptyset const-decl "set" sets nil) (circle_circle_root2 const-decl "set[solution]" hd_only_algo nil) (c_hd_solution_prop formula-decl nil hd_only_prop nil) (circle_circle_root2_lem formula-decl nil hd_only_algo nil) (cchd_pred formula-decl nil circle_circle_hd_comb nil)) 70350 68540 nil nil) (circle_circle_root2_correct-1 nil 3311336689 3311355525 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (expand "member") (("" (lemma "cchd_pred") (("" (inst?) (("" (inst - "TRUE" "root2!1" "sr!1" "vi!1" "vo!1" "voe!1") (("" (replace -2 * rl) (("" (lemma "circle_circle_root2_lem") (("" (inst?) (("" (assert) (("" (flatten) (("" (lemma "c_hd_solution_prop") (("" (inst?) 
(("" (inst - "m!1" "sr!1" "v!1") (("" (assert) (("" (replace -5 * rl) (("" (replace -6 * rl) (("" (flatten) (("" (split -12) (("1" (case-replace "voe!1 - vi!1 + vi!1 = voe!1") (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil) ("2" (hide 6) (("2" (expand "cchd_pred") (("2" (expand "circle_circle_root2") (("2" (assert) (("2" (replace -15 * rl) (("2" (replace -13 * rl) (("2" (replace -7) (("2" (ground) (("1" (hide -10 -11 -12 -13) (("1" (replace -14 * rl) (("1" (replace -15 * rl) (("1" (replace -17) (("1" (replace -18) (("1" (replace -19) (("1" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 948481 105690 t shostak)) (circle_circle_root_correct 0 (new "new" 3311424999 3311597972 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (assert) (("" (lemma "circle_circle_root_lem") (("" (inst?) (("" (assert) (("" (flatten) (("" (lemma "circle_circle_root2_correct") (("" (inst?) (("1" (assert :quant-simp? t) (("1" (inst?) (("1" (assert :quant-simp? t) (("1" (inst?) 
(("1" (name-replace "CCCCCCCCCCCCC" " separation?(s!1, m!1`ve) AND separation?(s!1 + m!1`te * m!1`ve, m!1`vr) AND heading_only?(vo!1, m!1`ve + vi!1) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + m!1`te * m!1`ve + (tr!1 - m!1`te) * m!1`vr AND 0 < m!1`te AND m!1`te < tr!1 AND vo!1`z = (m!1`vr + vi!1)`z") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 4) (("2" (name-replace "PRT" "Pick_Root(root!1, 4 * (sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x)) + 4 * (sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)), -4 * (sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(vo!1`x) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(vo!1`y) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (sq(D) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + (4 * (s!1`x * sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (s!1`x * sq(D) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(vo!1`x) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(vo!1`y) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * theta(-1, s!1`z, (vo!1 - vi!1)`z))), sq(sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) + sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) + sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(vo!1`x) + sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(vo!1`y) - sq(D)) - 4 * 
(sq(vo!1`x) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)) - 4 * (sq(vo!1`y) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)))") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Pick_Root const-decl "real" common_defs nil) (sq const-decl "nonneg_real" sq "reals/") (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (AND const-decl 
"[bool, bool -> bool]" booleans nil) (separation? const-decl "bool" criteria nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (heading_only? const-decl "bool" common_defs nil) (< const-decl "bool" reals nil) (circle_circle_root2_correct formula-decl nil hd_only_prop nil) (circle_circle_root_lem formula-decl nil hd_only_algo nil)) 96711 26370 t shostak) (circle_circle_root_correct-1 nil 3287939638 3288105411 ("" (skosimp*) (("" (expand "member") (("" (expand "circle_circle_root") (("" (expand "+") (("" (expand "-") (("" (expand "*") (("" (split -1) (("1" (flatten) (("1" (split -) (("1" (flatten) (("1" (split -) (("1" (name-replace "VOEX1" "x1(4 * (sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`x - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`x)) + 4 * (sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y)), -4 * (s!1`x * sq(D) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq (s!1`x - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`x) * vi!1`x * theta (-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y) * vi!1`x * theta (-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq(vo!1`x) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * vi!1`x * theta (-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq(vo!1`y) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * vi!1`x * theta (-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq (s!1`x - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`x) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq(vo!1`x) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq(vo!1`y) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (sq(D) * vi!1`x * theta (-1, 
s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)), sq (sq (s!1`x - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`x) + sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y) + sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq(vo!1`x) + sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq(vo!1`y) - sq(D)) - 4 * (sq(vo!1`x) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y)) - 4 * (sq(vo!1`y) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y)))" nil) (("1" (name-replace "VOEX2" "x2(4 * (sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`x - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`x)) + 4 * (sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y)), -4 * (s!1`x * sq(D) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq (s!1`x - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`x) * vi!1`x * theta(-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y) * vi!1`x * theta(-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq(vo!1`x) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * vi!1`x * theta(-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) - 4 * (sq(vo!1`y) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * vi!1`x * theta(-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq (s!1`x - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`x) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq(vo!1`x) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (s!1`x * sq(vo!1`y) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * theta (-1, s!1`z, vo!1`z - vi!1`z)) + 4 * (sq(D) * vi!1`x * theta(-1, s!1`z, vo!1`z - vi!1`z) * theta (-1, s!1`z, vo!1`z - vi!1`z)), sq (sq (s!1`x - theta (-1, s!1`z, 
vo!1`z - vi!1`z) * vi!1`x) + sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y) + sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq(vo!1`x) + sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq(vo!1`y) - sq(D)) - 4 * (sq(vo!1`x) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y)) - 4 * (sq(vo!1`y) * sq (theta (-1, s!1`z, vo!1`z - vi!1`z)) * sq (s!1`y - theta (-1, s!1`z, vo!1`z - vi!1`z) * vi!1`y))) " nil) (("1" (lemma "circle_circle_root2_correct") (("1" (inst?) (("1" (assert) (("1" (inst - "m!1") (("1" (expand "+") (("1" (expand "-") (("1" (expand "*") (("1" (assert) (("1" (replace -2) (("1" (replace -3) (("1" (hide -2 -3) (("1" (flatten) (("1" (expand "member") (("1" (split -1) (("1" (propax) nil nil) ("2" (propax) nil nil) ("3" (hide-all-but 1) (("3" (ground) (("3" (lift-if) (("3" (ground) nil nil)) nil)) nil)) nil) ("4" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) (("2" (hide-all-but (-3 1)) (("2" (grind) nil nil)) nil)) nil)) nil) ("3" (assert) nil nil)) nil)) nil) ("2" (assert) nil nil) ("3" (assert) nil nil)) nil) ("2" (assert) nil nil) ("3" (assert) nil nil)) nil) ("2" (assert) (("2" (flatten) (("2" (assert) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished ((member const-decl "bool" sets nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (emptyset const-decl "set" sets nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (real nonempty-type-from-decl nil reals nil) (number_field_pred const-decl "[number 
-> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (/= const-decl "boolean" notequal nil) (discr const-decl "real" quadratic "reals/") (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (nzint nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (root const-decl "real" quadratic "reals/") (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (Sign type-eq-decl nil sign nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (circle_circle_root2_correct formula-decl nil hd_only_prop nil) (solution type-eq-decl nil common_defs nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (IF const-decl "[boolean, T, T -> T]" if_def nil) (circle_circle_root const-decl "set[solution]" hd_only_algo nil)) 110582 107120 nil nil)) (circle_circle_hd_correct 0 (circle_circle_hd_correct-1 nil 3287939638 3311599931 ("" (skosimp*) (("" (expand "member") (("" (expand "circle_circle_hd") (("" (expand "union") (("" (expand "member") (("" (lemma "circle_circle_root_correct") (("" (expand "member") (("" (assert) (("" (split 
-2) (("1" (inst?) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (inst?) (("2" (assert) (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil) ("3" (inst?) (("3" (assert) (("3" (flatten) (("3" (assert) nil nil)) nil)) nil)) nil) ("4" (inst?) (("4" (assert) (("4" (flatten) (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (union const-decl "set" sets nil) (circle_circle_root_correct formula-decl nil hd_only_prop nil) (FALSE const-decl "bool" booleans nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (TRUE const-decl "bool" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (circle_circle_hd const-decl "set[solution]" hd_only_algo nil)) 56688 9670 t nil)) (cl_solution_prop_TCC1 0 (cl_solution_prop_TCC1-1 nil 3287939638 3311676684 ("" (skosimp*) (("" (assert) (("" (prop) (("" (case "sr!1`x=0") (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (sq const-decl "nonneg_real" sq "reals/")) 914 860 nil nil)) (cl_solution_prop_TCC2 0 (cl_solution_prop_TCC2-1 nil 3287939638 3311676685 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 953 910 
nil nil)) (cl_solution_prop 0 (cl_solution_prop-1 nil 3287939638 3311598405 ("" (skosimp*) (("" (replace -1) (("" (hide -1) (("" (replace -1) (("" (hide -1) (("" (replace -1) (("" (hide -1) (("" (expand "member") (("" (expand "cl_solution") (("" (split -1) (("1" (flatten) (("1" (split -) (("1" (flatten) (("1" (split -) (("1" (flatten) (("1" (assert) (("1" (split -) (("1" (flatten) (("1" (assert) (("1" (hide -5) (("1" (expand "singleton") (("1" (name-replace "ALPHA" "alpha_calc(eps!1, s!1 + tr!1 * (vo!1 - vi!1))") (("1" (expand "+") (("1" (expand "-") (("1" (expand "*") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (hide-all-but (-5 1 4)) (("2" (prop) (("2" (name-replace "SR" "s!1 + tr!1 * (vo!1 - vi!1)") (("2" (mult-cases -2) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (emptyset const-decl "set" sets nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (> const-decl "bool" 
reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (/= const-decl "boolean" notequal nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (alpha_calc const-decl "real" hd_only nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (singleton const-decl "(singleton?)" sets nil) (cl_solution const-decl "set[solution]" hd_only_algo nil)) 182871 181280 nil nil)) (circle_line_root_prep 0 (circle_line_root_prep-1 nil 3311593568 3311598458 ("" (skosimp*) (("" (auto-rewrite "member") (("" (lemma "circle_line_root_lem") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "cl_solution_prop") (("" (assert :quant-simp? t) (("" (inst?) 
(("" (assert) (("" (flatten) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (Pick_Root const-decl "real" common_defs nil) (D const-decl "posreal" criteria nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (cl_solution_prop formula-decl nil hd_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (circle_line_root_lem formula-decl nil hd_only_algo nil)) 52872 51980 t nil)) (circle_line_root_correct 0 (circle_line_root_correct-1 nil 3311591393 3311598634 
("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (assert) (("" (lemma "circle_line_root_prep") (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "clhd_pred") (("" (assert) (("" (inst - "eps!1" "root!1" "s!1" "s!1 + tr!1*(vo!1-vi!1)" "m!1`te" "tr!1" "vo!1 - vi!1" "m!1`ve" "vi!1" "vo!1" "m!1`ve + vi!1" "m!1`vr") (("" (name-replace "CCCCCCCCCCCCC" "separation?(s!1, m!1`ve) AND separation?(s!1 + m!1`te * m!1`ve, m!1`vr) AND heading_only?(vo!1, m!1`ve + vi!1) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + m!1`te * m!1`ve + (tr!1 - m!1`te) * m!1`vr ") (("" (assert) (("" (lemma "circle_line_root_lem") (("" (inst?) (("" (assert) (("" (flatten) (("" (lemma "cl_solution_prop") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (expand "clhd_pred") (("" (flatten) (("" (replace -3 * rl) (("" (case-replace "m!1`ve + vi!1 - vi!1 = m!1`ve") (("1" (case-replace "m!1`vr + vi!1 - vi!1 = m!1`vr") (("1" (case-replace "(m!1`ve + vi!1)`x = m!1`ve`x + vi!1`x") (("1" (assert) (("1" (name-replace "PRTT" "Pick_Root(root!1, 4 * (sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * sq (s!1`x - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x)) + 4 * (sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * sq (s!1`y - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)), -4 * (sq (s!1`x - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) * vi!1`x * theta (-1, s!1`z, (vo!1 - vi!1)`z) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq (s!1`y - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) * vi!1`x * theta (-1, s!1`z, (vo!1 - vi!1)`z) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(vo!1`x) * sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * vi!1`x * theta (-1, s!1`z, (vo!1 - vi!1)`z) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(vo!1`y) * sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * vi!1`x * theta (-1, s!1`z, (vo!1 - vi!1)`z) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (sq(D) * vi!1`x * theta (-1, s!1`z, (vo!1 - vi!1)`z) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) + (4 * (s!1`x * sq (s!1`x - theta (-1, 
s!1`z, (vo!1 - vi!1)`z) * vi!1`x) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (s!1`x * sq(D) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq (s!1`y - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(vo!1`x) * sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * theta (-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(vo!1`y) * sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * theta (-1, s!1`z, (vo!1 - vi!1)`z))), sq (sq (s!1`x - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) + sq (s!1`y - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) + sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * sq(vo!1`x) + sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * sq(vo!1`y) - sq(D)) - 4 * (sq(vo!1`x) * sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * sq (s!1`y - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)) - 4 * (sq(vo!1`y) * sq (theta (-1, s!1`z, (vo!1 - vi!1)`z)) * sq (s!1`y - theta (-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)))") (("1" (name-replace "TH" "theta(-1, s!1`z, (vo!1 - vi!1)`z)") (("1" (replace -7) (("1" (expand "-") (("1" (replace -8) (("1" (replace -9) (("1" (expand "+ ") (("1" (expand "*") (("1" (replace -12) (("1" (replace -2) (("1" (hide-all-but 5) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (expand "+") (("2" (propax) nil nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl 
nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (clhd_pred formula-decl nil circle_line_hd_comb nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (clhd_pred const-decl "bool" circle_line_hd_comb nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) (D const-decl "posreal" criteria nil) (Pick_Root const-decl "real" common_defs nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (cl_solution_prop formula-decl nil hd_only_prop nil) (circle_line_root_lem formula-decl nil hd_only_algo nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (separation? const-decl "bool" criteria nil) (heading_only? 
const-decl "bool" common_defs nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (circle_line_root_prep formula-decl nil hd_only_prop nil)) 175830 166010 t nil)) (circle_line_hd_correct 0 (circle_line_hd_correct-1 nil 3287939638 3311598634 ("" (skosimp*) (("" (auto-rewrite "member") (("" (expand "member") (("" (expand "circle_line_hd") (("" (expand "union") (("" (assert) (("" (lemma "circle_line_root_correct") (("" (assert) (("" (split -2) (("1" (inst?) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (inst?) (("2" (assert) (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil) ("3" (inst?) (("3" (assert) (("3" (flatten) (("3" (assert) nil nil)) nil)) nil)) nil) ("4" (inst?) (("4" (assert) (("4" (flatten) (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((circle_line_hd const-decl "set[solution]" hd_only_algo nil) (FALSE const-decl "bool" booleans nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (TRUE const-decl "bool" booleans nil) (>= const-decl "bool" reals nil) (nonneg_real 
nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (circle_line_root_correct formula-decl nil hd_only_prop nil) (union const-decl "set" sets nil) (member const-decl "bool" sets nil)) 368 350 t nil)) (ic_solution_prop_TCC1 0 (ic_solution_prop_TCC1-1 nil 3287939638 3311676687 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (- const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (entry? 
const-decl "bool" criteria nil) (member const-decl "bool" sets nil) (/= const-decl "boolean" notequal nil)) 2114 1980 nil nil)) (ic_solution_prop 0 (ic_solution_prop-1 nil 3287939638 3311598637 ("" (skosimp*) (("" (auto-rewrite-theory "Vectors_rew") (("" (expand "ic_solution") (("" (expand "member") (("" (split -4) (("1" (flatten) (("1" (assert) (("1" (assert) (("1" (expand "singleton") (("1" (replace -3) (("1" (split -2) (("1" (flatten) (("1" (replace -3) (("1" (assert) nil nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (emptyset const-decl "set" sets nil) (singleton const-decl "(singleton?)" sets nil) (vr1z formula-decl nil Vectors_rew nil) (ic_solution const-decl "set[solution]" hd_only_algo nil)) 645 570 nil nil)) (in_circle_root_prep 0 (in_circle_root_prep-2 nil 3311513147 3311598682 ("" (skosimp*) (("" (auto-rewrite "member") (("" (lemma "in_circle_root_lem") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "ic_solution_prop") (("" (assert :quant-simp? t) (("" (inst?) 
(("" (assert) (("" (flatten) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (D const-decl "posreal" criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (Pick_Root const-decl "real" common_defs nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (ic_solution_prop formula-decl nil hd_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (in_circle_root_lem formula-decl nil hd_only_algo nil)) 45085 44140 t nil) (in_circle_root_prep-1 nil 3311512789 3311513126 ("" (skosimp*) (("" (lemma 
"in_circle_root_lem") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "ic_solution_prop") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (auto-rewrite "member") (("" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 231604 47500 t shostak)) (in_circle_root_correct 0 (in_circle_root_correct-2 nil 3311509614 3311598785 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (assert) (("" (lemma "in_circle_root_prep") (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "ichd_pred") (("" (assert) (("" (inst - "root!1" "s!1" "m!1`te" "tr!1" "vo!1 - vi!1" "m!1`ve" "vi!1" "vo!1" "m!1`ve + vi!1" "m!1`vr + vi!1" "m!1`vr") (("" (name-replace "CCCCCCC" "separation?(s!1, m!1`ve) AND heading_only?(vo!1, m!1`ve + vi!1) AND separation_pos?(s!1 + m!1`te * m!1`ve, m!1`vr) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + m!1`te * m!1`ve + (tr!1 - m!1`te) * m!1`vr") (("" (assert) (("" (lemma "in_circle_root_lem") (("" (inst?) (("" (assert) (("" (flatten) (("" (lemma "ic_solution_prop") (("" (assert :quant-simp? t) (("" (inst?) 
(("" (assert) (("" (expand "ichd_pred") (("" (flatten) (("" (replace -2 * rl) (("" (replace -3 * rl) (("" (case-replace "m!1`ve + vi!1 - vi!1 = m!1`ve") (("1" (replace -2) (("1" (case-replace "m!1`vr + vi!1 - vi!1 = m!1`vr") (("1" (case-replace "(m!1`ve + vi!1)`x = m!1`ve`x + vi!1`x") (("1" (name-replace "PR1" " Pick_Root(root!1, 4 * (sq(m!1`te) * sq(s!1`x - m!1`te * vi!1`x)) + 4 * (sq(m!1`te) * sq(s!1`y - m!1`te * vi!1`y)), -4 * (sq(s!1`x - m!1`te * vi!1`x) * vi!1`x * m!1`te * m!1`te) - 4 * (sq(s!1`y - m!1`te * vi!1`y) * vi!1`x * m!1`te * m!1`te) - 4 * (sq(vo!1`x) * sq(m!1`te) * vi!1`x * m!1`te * m!1`te) - 4 * (sq(vo!1`y) * sq(m!1`te) * vi!1`x * m!1`te * m!1`te) + 4 * (sq(D) * vi!1`x * m!1`te * m!1`te) + (4 * (s!1`x * sq(s!1`x - m!1`te * vi!1`x) * m!1`te) - 4 * (s!1`x * sq(D) * m!1`te) + 4 * (s!1`x * sq(s!1`y - m!1`te * vi!1`y) * m!1`te) + 4 * (s!1`x * sq(vo!1`x) * sq(m!1`te) * m!1`te) + 4 * (s!1`x * sq(vo!1`y) * sq(m!1`te) * m!1`te)), sq(sq(s!1`x - m!1`te * vi!1`x) + sq(s!1`y - m!1`te * vi!1`y) + sq(m!1`te) * sq(vo!1`x) + sq(m!1`te) * sq(vo!1`y) - sq(D)) - 4 * (sq(vo!1`x) * sq(m!1`te) * sq(s!1`y - m!1`te * vi!1`y)) - 4 * (sq(vo!1`y) * sq(m!1`te) * sq(s!1`y - m!1`te * vi!1`y))) ") (("1" (replace -5) (("1" (assert) (("1" (expand "+ ") (("1" (expand "-") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (expand "+") (("2" (propax) nil nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (number nonempty-type-decl 
nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (ichd_pred formula-decl nil in_circle_hd_comb nil) (+ const-decl "Vect3" Vectors nil) (ichd_pred const-decl "bool" in_circle_hd_comb nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (D const-decl "posreal" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (Pick_Root const-decl "real" common_defs nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (ic_solution_prop formula-decl nil hd_only_prop nil) (in_circle_root_lem formula-decl nil hd_only_algo nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "Vect3" Vectors nil) (separation_pos? const-decl "bool" hd_only nil) (heading_only? const-decl "bool" common_defs nil) (separation? 
const-decl "bool" criteria nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (in_circle_root_prep formula-decl nil hd_only_prop nil)) 102727 100950 t nil) (in_circle_root_correct-1 nil 3311504479 3311509568 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (assert) (("" (lemma "in_circle_root_prep") (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "ichd_pred") (("" (assert) (("" (inst - "root!1" "s!1" "m!1`te" "tr!1" "vo!1 - vi!1" "m!1`ve" "vi!1" "vo!1" "m!1`ve + vi!1" "m!1`vr + vi!1" "m!1`vr") (("" (name-replace "CCCCCCC" "separation?(s!1, m!1`ve) AND heading_only?(vo!1, m!1`ve + vi!1) AND separation_pos?(s!1 + m!1`te * m!1`ve, m!1`vr) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + m!1`te * m!1`ve + (tr!1 - m!1`te) * m!1`vr ") (("" (assert) (("" (expand "in_circle_root") (("" (expand "ichd_pred") (("" (assert) (("" (lift-if) (("" (case-replace "m!1`ve + vi!1 - vi!1 = m!1`ve") (("1" (case-replace "m!1`vr + vi!1 - vi!1 = m!1`vr") (("1" (lemma "ic_solution_prop") (("1" (assert :quant-simp? t) (("1" (inst?) (("1" (case "root!1") (("1" (assert) (("1" (expand "+") (("1" (expand "-") (("1" (postpone) nil nil)) nil)) nil)) nil) ("2" (postpone) nil nil)) nil) ("2" (postpone) nil nil) ("3" (postpone) nil nil) ("4" (postpone) nil nil) ("5" (postpone) nil nil)) nil)) nil)) nil) ("2" (postpone) nil nil)) nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 3693053 2629740 t shostak)) (in_circle_hd_correct 0 (in_circle_hd_correct-1 nil 3287939638 3311598785 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (lemma "in_circle_root_correct") (("" (assert :quant-simp? t) (("" (inst?) 
(("" (inst-cp -1 "TRUE") (("" (inst -1 "FALSE") (("" (expand "in_circle_hd") (("" (expand "union") (("" (assert) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((in_circle_root_correct formula-decl nil hd_only_prop nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (FALSE const-decl "bool" booleans nil) (union const-decl "set" sets nil) (in_circle_hd const-decl "set[solution]" hd_only_algo nil) (TRUE const-decl "bool" booleans nil) (member const-decl "bool" sets nil)) 157 160 t nil)) (oc_solution_prop_TCC1 0 (oc_solution_prop_TCC1-1 nil 3287939638 3311676689 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (member const-decl "bool" sets nil) (- const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (exit? 
const-decl "bool" criteria nil) (/= const-decl "boolean" notequal nil)) 1947 1820 nil nil)) (oc_solution_prop 0 (oc_solution_prop-1 nil 3287939638 3311598788 ("" (skosimp*) (("" (auto-rewrite-theory "Vectors_rew") (("" (expand "oc_solution") (("" (expand "member") (("" (split -4) (("1" (flatten) (("1" (assert) (("1" (expand "singleton") (("1" (split -3) (("1" (flatten) (("1" (assert) (("1" (assert) (("1" (hide -1 -2) (("1" (replace -1) (("1" (assert) (("1" (apply-extensionality 1 :hide? t) (("1" (replace -4) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (emptyset const-decl "set" sets nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (Vect3 type-eq-decl nil Vectors nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (vr1z formula-decl nil Vectors_rew nil) (oc_solution const-decl "set[solution]" hd_only_algo nil)) 871 800 nil nil)) 
(out_circle_root_prep 0 (out_circle_root_prep-1 nil 3311528073 3311598822 ("" (skosimp*) (("" (lemma "out_circle_root_lem") (("" (inst?) (("" (assert) (("" (flatten) (("" (lemma "oc_solution_prop") (("" (expand "member") (("" (assert :quant-simp? t) (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (expand "+ ") (("" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((out_circle_root_lem formula-decl nil hd_only_algo nil) (oc_solution_prop formula-decl nil hd_only_prop nil) (+ const-decl "Vect3" Vectors nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (D const-decl "posreal" criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (Pick_Root const-decl "real" common_defs nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (member const-decl "bool" sets nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil 
numbers nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 33134 32370 t shostak)) (out_circle_root_correct 0 (out_circle_root_correct-1 nil 3311522583 3311598920 ("" (skosimp*) (("" (auto-rewrite "member") (("" (auto-rewrite "emptyset") (("" (assert) (("" (lemma "out_circle_root_prep") (("" (inst?) (("" (assert) (("" (flatten) (("" (assert) (("" (lemma "ochd_pred") (("" (assert) (("" (inst - "root!1" "s!1" "m!1`te" "tr!1" "vo!1 - vi!1" "m!1`ve" "vi!1" "vo!1" "m!1`ve + vi!1" "m!1`vr + vi!1" "m!1`vr") (("" (name-replace "CCCCCCC" "separation?(s!1, m!1`ve) AND separation?(s!1 + m!1`te * m!1`ve, m!1`vr) AND heading_only?(vo!1, m!1`ve + vi!1) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + m!1`te * m!1`ve + (tr!1 - m!1`te) * m!1`vr") (("" (assert) (("" (hide 2) (("" (lemma "out_circle_root_lem") (("" (inst?) (("" (assert) (("" (assert :quant-simp? t) (("" (flatten) (("" (lemma "oc_solution_prop") (("" (assert :quant-simp? t) (("" (inst?) 
(("" (assert) (("" (expand "ochd_pred") (("" (case-replace "m!1`ve + vi!1 - vi!1 = m!1`ve") (("1" (case-replace "m!1`vr + vi!1 - vi!1 = m!1`vr") (("1" (name-replace "PRTT" "Pick_Root(root!1, 4 * (sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x)) + 4 * (sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)), -4 * (sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(vo!1`x) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (sq(vo!1`y) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (sq(D) * vi!1`x * theta(-1, s!1`z, (vo!1 - vi!1)`z) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + (4 * (s!1`x * sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) - 4 * (s!1`x * sq(D) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(vo!1`x) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * theta(-1, s!1`z, (vo!1 - vi!1)`z)) + 4 * (s!1`x * sq(vo!1`y) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * theta(-1, s!1`z, (vo!1 - vi!1)`z))), sq(sq(s!1`x - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`x) + sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y) + sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(vo!1`x) + sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(vo!1`y) - sq(D)) - 4 * (sq(vo!1`x) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * vi!1`y)) - 4 * (sq(vo!1`y) * sq(theta(-1, s!1`z, (vo!1 - vi!1)`z)) * sq(s!1`y - theta(-1, s!1`z, (vo!1 - vi!1)`z) * 
vi!1`y)))") (("1" (expand "-") (("1" (expand "+") (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind-with-ext) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((member const-decl "bool" sets nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (ochd_pred formula-decl nil out_circle_hd_comb nil) (+ const-decl "Vect3" Vectors nil) (out_circle_root_lem formula-decl nil hd_only_algo nil) (ochd_pred const-decl "bool" out_circle_hd_comb nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (D const-decl "posreal" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (Pick_Root const-decl "real" common_defs nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil 
rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (oc_solution_prop formula-decl nil hd_only_prop nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (heading_only? const-decl "bool" common_defs nil) (* const-decl "Vect3" Vectors nil) (separation? const-decl "bool" criteria nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (out_circle_root_prep formula-decl nil hd_only_prop nil)) 98313 88440 t nil)) (out_circle_hd_correct 0 (out_circle_hd_correct-1 nil 3287939638 3311598920 ("" (skosimp*) (("" (expand "out_circle_hd") (("" (expand "union") (("" (lemma "out_circle_root_correct") (("" (expand "member") (("" (split -2) (("1" (inst?) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (inst?) (("2" (assert) (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((out_circle_hd const-decl "set[solution]" hd_only_algo nil) (out_circle_root_correct formula-decl nil hd_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (TRUE const-decl "bool" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (FALSE const-decl "bool" booleans nil) (member const-decl "bool" sets nil) (union const-decl "set" sets nil)) 201 200 t nil)) (hd_only_algo_correct 0 (hd_only_algo_correct-1 nil 3287939638 3311598922 ("" 
(skosimp*) (("" (lemma "line_line_hd_correct") (("" (inst?) (("" (lemma "line_circle_hd_correct") (("" (inst?) (("" (lemma "circle_circle_hd_correct") (("" (inst?) (("" (lemma "circle_line_hd_correct") (("" (inst?) (("" (lemma "in_circle_hd_correct") (("" (inst?) (("" (lemma "out_circle_hd_correct") (("" (inst?) (("" (lemma "sep_connection") (("" (copy -1) (("" (inst?) (("" (inst -2 "s!1 + m!1`te * m!1`ve" "tr!1 - m!1`te" "m!1`vr") (("" (expand "hd_only_algo") (("" (expand "union") (("" (expand "member") (("" (ground) (("1" (expand "heading_only?") (("1" (expand "+ ") (("1" (propax) nil nil)) nil)) nil) ("2" (hide-all-but (-3 1)) (("2" (expand "pred_sep?") (("2" (expand "separation_pos?") (("2" (skosimp*) (("2" (inst?) (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("3" (expand "+ ") (("3" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((line_line_hd_correct formula-decl nil hd_only_prop nil) (line_circle_hd_correct formula-decl nil hd_only_prop nil) (circle_circle_hd_correct formula-decl nil hd_only_prop nil) (circle_line_hd_correct formula-decl nil hd_only_prop nil) (in_circle_hd_correct formula-decl nil hd_only_prop nil) (out_circle_hd_correct formula-decl nil hd_only_prop nil) (sep_connection formula-decl nil common_defs nil) (hd_only_algo const-decl "set[solution]" hd_only_algo nil) (member const-decl "bool" sets nil) (separation_pos? const-decl "bool" hd_only nil) (heading_only? const-decl "bool" common_defs nil) (union const-decl "set" sets nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (separation? const-decl "bool" criteria nil) (pred_sep? 
const-decl "bool" common_defs nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 1271 1140 t nil)))
$$$rr3d_prop.pvs
% rr3d_prop: states the top-level correctness theorem for rr3d_algo.
% The proof script in rr3d_prop.prf splits on the three members of the
% union in rr3d_algo and discharges each case with vert_only_algo_correct,
% gs_only_algo_correct and hd_only_algo_correct respectively.
rr3d_prop: THEORY
BEGIN

  IMPORTING rr3d_algo, gs_only_prop, vert_only_prop, hd_only_prop, common_defs

  s  : VAR Vect3     % Relative position
  vo : VAR Vect3     % Ownship absolute velocity
  vi : VAR Vect3     % Intruder absolute velocity
  tr : VAR posreal   % Recovery time
  m  : VAR solution  % Candidate solution; the theorem reads its fields ve, vr and te

%
%
% -----------------------------------------------------------
%                  Proof of RR3D Algorithm
% -----------------------------------------------------------
%
%

  % rr3d_algo_correct
  %
  % Hypotheses:
  %   hor_sep?(s)                   holds for the initial relative position,
  %   NOT pred_sep?(s, vo-vi, tr)   the current relative velocity does not
  %                                 satisfy pred_sep? over tr,
  %   member(m, rr3d_algo(...))     m is one of the solutions the algorithm returns.
  %
  % Conclusions, for every such m:
  %   1. pred_sep? holds from s with velocity m`ve for time m`te.
  %   2. pred_sep? holds from s + m`te * m`ve with velocity m`vr for the
  %      remaining time tr - m`te.
  %   3. The two legs end at s + tr * (vo - vi), i.e. the same relative
  %      position the unmodified relative velocity would reach at tr.
  %   4. 0 < m`te < tr.
  %   5. One of three disjuncts holds: ground_speed_only? for both m`ve+vi
  %      and m`vr+vi; vertical_change? for both m`ve and m`vr; or
  %      heading_only? for m`ve + vi (this disjunct constrains only the
  %      first leg).
  %
  % NOTE(review): in this dump rr3d_prop.prf records rr3d_algo_correct as
  % `proved`, but the hd_only_prop.prf entries it relies on for the
  % heading-only case (hd_only_algo_correct, in_circle_hd_correct,
  % out_circle_hd_correct, out_circle_root_correct, ...) carry the status
  % `unchecked`, and the script in_circle_root_correct-1 is recorded as
  % `unfinished` with (postpone) branches. Presumably `unchecked` means the
  % stored proof has not been re-run against the current theories; re-run
  % the whole proof chain, not only this theorem, before treating the
  % result as machine-checked.
  rr3d_algo_correct : THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,vo-vi,tr) AND
      member(m, rr3d_algo(s, vo, vi, tr))
    IMPLIES
      pred_sep?(s, m`ve, m`te) AND
      pred_sep?(s + m`te * m`ve, m`vr, tr - m`te) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      ((ground_speed_only?(m`ve+vi, vo, vi) AND
        ground_speed_only?(m`vr+vi, vo, vi)) OR
       (vertical_change?(vo-vi, m`ve) AND
        vertical_change?(vo-vi, m`vr)) OR
       heading_only?(vo, m`ve + vi))

END rr3d_prop
$$$rr3d_prop.prf
(rr3d_prop (rr3d_algo_correct 0 (rr3d_algo_correct-1 nil 3311609080 3311609747 ("" (skosimp*) (("" (auto-rewrite "member") (("" (expand "rr3d_algo") (("" (expand "union") (("" (assert) (("" (split -2) (("1" (lemma "vert_only_algo_correct") (("1" (inst?)
(("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (lemma "gs_only_algo_correct") (("2" (inst?) (("2" (assert) (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("3" (lemma "hd_only_algo_correct") (("3" (inst?) (("3" (assert) (("3" (flatten) (("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((rr3d_algo const-decl "set[solution]" rr3d_algo nil) (member const-decl "bool" sets nil) (hd_only_algo_correct formula-decl nil hd_only_prop nil) (gs_only_algo_correct formula-decl nil gs_only_prop nil) (vert_only_algo_correct formula-decl nil vert_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (union const-decl "set" sets nil)) 8390 360 t nil)))
$$$hd_only_algo.pvs
% hd_only_algo: variable declarations for the set[solution]-valued
% definitions that follow in this theory (hd_solution, line_line_root,
% line_circle_root, circle_circle_root, circle_line_root, in_circle_root,
% out_circle_root and their *_hd unions), together with the *_lem lemmas
% that unfold each definition's guards.
hd_only_algo: THEORY
BEGIN

  IMPORTING hd_only, criteria, common_defs, sign

  s   : VAR Vect3      % Relative position
  vo  : VAR Vect3      % Ownship absolute velocity
  vi  : VAR Vect3      % Intruder absolute velocity
  v   : VAR Vect3      % Relative velocity
  ve  : VAR Vect3      % Relative escape velocity
  voe : VAR Vect3      % Ownship escape velocity
  vr  : VAR Vect3      % Relative recovery velocity
  se  : VAR Vect3      % Relative position at the end of the escape maneuver
  sr  : VAR Vect3      % Relative position at the end of the escape maneuver,
                       % which is also the final position
                       % NOTE(review): the definitions in this theory bind sr
                       % to s + tr*v, the relative position at time tr; the
                       % word "escape" above looks copied from the se
                       % comment - confirm the intended wording.
  tr  : VAR posreal    % Recovery time
  te  : VAR real       % Escape time
  t   : VAR real       % time
  thp : VAR real       % time
  thpp: VAR real       % time
tpp : VAR real % time m : VAR solution a : VAR real b : VAR real c : VAR real E : VAR real vrx : VAR real % x component of recovery velocity vry : VAR real % y component of recovery velocity vrz : VAR real % z component of recovery velocity eps : Var Sign root : Var bool % a flag: true = x1 root, false = x2 root root2: Var bool % a flag: true = x1 root, false = x2 root % Pick_Root(root, a, b, c): real = IF root % THEN x1(a, b, c) % ELSE x2(a, b, c) % ENDIF % % % ---------------------------------------------------------------- % Line-Line Algorithm % ---------------------------------------------------------------- % % hd_solution(ve, vrx, vry, vrz, te, tr) : set[solution] = LET vr = (# x:= vrx, y:= vry, z:= vrz #) IN IF hor_speed_gt_0?(ve) AND hor_speed_gt_0?(vr) AND 0 < te AND te < tr THEN LET m = (# ve:=ve, vr:=vr, te:=te #) IN singleton(m) ELSE emptyset ENDIF hd_solution_lem: LEMMA hd_solution(ve, vrx, vry, vrz, te, tr)(m) IMPLIES hor_speed_gt_0?(ve) AND hor_speed_gt_0?((# x:=vrx, y:=vry, z:=vrz #)) AND 0 < te AND te < tr AND m = (# ve := ve, vr := (# x:=vrx, y:=vry, z:=vrz #), te := te #) line_line_root(s:alpha_type, sr: alpha_type, vo, vi, tr, eps, root) : set[solution] = LET v = vo - vi, alpha = alpha_calc(eps,s), alpha2 = alpha_calc(eps,sr), a = 1 + sq(alpha), b = 2*(vi`x + alpha * vi`y), c = sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y) IN IF discr(a, b, c) >= 0 THEN LET % vex = IF root % THEN root(a,b,c,1) % ELSE root(a,b,c,-1) % ENDIF, vex = Pick_Root(root,a,b,c), ve = (# x:= vex, y:= alpha * vex, z:= v`z #) IN IF ve`y-alpha2*ve`x /= 0 THEN LET te = tr*(v`y-alpha2*v`x)/(ve`y - alpha2*ve`x) IN IF tr /= te THEN LET vrx = (tr*v`x-te*vex) / (tr - te), vry = alpha2 * vrx, vrz = v`z IN hd_solution(ve, vrx, vry, vrz, te, tr) ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF line_line_root_lem: LEMMA FORALL (s,sr :alpha_type): line_line_root(s,sr,vo,vi,tr,eps,root)(m) IMPLIES LET v = vo - vi, alpha = alpha_calc(eps,s), alpha2 = alpha_calc(eps,sr), a = 1 + 
sq(alpha), b = 2*(vi`x + alpha * vi`y), c = sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y) IN discr(a, b, c) >= 0 AND LET vex = Pick_Root(root,a,b,c), ve = (# x:= vex, y:= alpha * vex, z:= v`z #) IN ve`y-alpha2*ve`x /= 0 AND LET te = tr*(v`y-alpha2*v`x)/(ve`y - alpha2*ve`x) IN tr /= te AND LET vrx = (tr*v`x-te*vex) / (tr - te), vry = alpha2 * vrx, vrz = v`z IN hd_solution(ve, vrx, vry, vrz, te, tr)(m) line_line_hd(s, vo, vi, tr) : set[solution] = LET v = vo - vi, sr = s + tr*v IN IF sq(s`x) + sq(s`y) > sq(D) AND sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND sr`y /= 0 THEN LET m1 = line_line_root(s, sr, vo, vi, tr, -1, TRUE), m2 = line_line_root(s, sr, vo, vi, tr, -1, FALSE), m3 = line_line_root(s, sr, vo, vi, tr, 1, TRUE), m4 = line_line_root(s, sr, vo, vi, tr, 1, FALSE) IN union(m1, union(m2, union(m3, m4))) ELSE emptyset ENDIF % % % ---------------------------------------------------------------- % Line-Circle Algorithm % ---------------------------------------------------------------- % % c_hd_solution(s, ve, vo, vi, te, tpp, tr) : set[solution] = LET v = vo - vi, sr = s + tr * v IN IF hor_speed_gt_0?(ve) AND % tau(s,ve) < tpp AND tpp < tr AND te /= tr AND 0 < te AND te < tr THEN LET vr = (# x:= (tr*v`x-te*ve`x)/(tr-te), y:= (tr*v`y-te*ve`y)/(tr-te), z:= v`z #) IN IF entry?(sr+(tpp-tr)*vr,vr) THEN LET m = (# ve:=ve, vr:=vr, te:=te #) IN singleton(m) ELSE emptyset ENDIF ELSE emptyset ENDIF line_circle_root(s:alpha_type, sr, vo, vi, tr, eps, root, root2) : set[solution] = LET v = vo - vi, alpha = alpha_calc(eps,s), a1 = 1 + sq(alpha), b1 = 2*(vi`x + alpha * vi`y), c1 = sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y) IN IF discr(a1, b1, c1) >= 0 AND v`z /= 0 THEN LET vex = Pick_Root(root, a1, b1, c1), ve = (# x:= vex, y:= alpha * vex, z:= v`z #), tpp = theta(1,s`z,v`z), Ax = sr`x + (tpp - tr)*ve`x, Ay = sr`y + (tpp - tr)*ve`y, B_x = (s`x+tpp*v`x), B_y = (s`y+tpp*v`y), a2 = sq(Ax) + sq(Ay) - sq(D), b2 = 2*tr*sq(D) - 2*Ax*B_x*tr - 
2*Ay*B_y*tr, c2 = sq(tr) * (sq(B_x) + sq(B_y) - sq(D)) IN IF a2 /= 0 AND discr(a2, b2, c2) >= 0 THEN LET te = Pick_Root(root2,a2, b2, c2) IN c_hd_solution(s, ve, vo, vi, te, tpp, tr) ELSE emptyset ENDIF ELSE emptyset ENDIF line_circle_root_lem: LEMMA FORALL (a: nzreal), (s: alpha_type): %% RWB NEW %% line_circle_root(s, sr, vo, vi, tr, eps, root, root2)(m) IMPLIES LET v = vo - vi, alpha = alpha_calc(eps,s), a1 = 1 + sq(alpha), b1 = 2*(vi`x + alpha * vi`y), c1 = sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y), vex = Pick_Root(root, a1, b1, c1), ve = (# x:= vex, y:= alpha * vex, z:= v`z #), tpp = theta(1,s`z,v`z), Ax = sr`x + (tpp - tr)*ve`x, Ay = sr`y + (tpp - tr)*ve`y, B_x = (s`x+tpp*v`x), B_y = (s`y+tpp*v`y), a2 = sq(Ax) + sq(Ay) - sq(D), b2 = 2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr, c2 = sq(tr) * (sq(B_x) + sq(B_y) - sq(D)), te = Pick_Root(root2,a2, b2, c2) IN c_hd_solution(s, ve, vo, vi, te, tpp, tr)(m) AND discr(a1, b1, c1) >= 0 AND v`z /= 0 AND a2 /= 0 AND discr(a2, b2, c2) >= 0 line_circle_hd(s, vo, vi, tr) : set[solution] = LET v = vo - vi, sr = s + tr*v IN IF sq(s`x) + sq(s`y) > sq(D) AND sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) THEN LET m1 = line_circle_root(s, sr, vo, vi, tr, -1, TRUE, TRUE), m2 = line_circle_root(s, sr, vo, vi, tr, -1, FALSE, TRUE), m3 = line_circle_root(s, sr, vo, vi, tr, 1, TRUE, TRUE), m4 = line_circle_root(s, sr, vo, vi, tr, 1, FALSE, TRUE), m5 = line_circle_root(s, sr, vo, vi, tr, -1, TRUE, FALSE), m6 = line_circle_root(s, sr, vo, vi, tr, -1, FALSE, FALSE), m7 = line_circle_root(s, sr, vo, vi, tr, 1, TRUE, FALSE), m8 = line_circle_root(s, sr, vo, vi, tr, 1, FALSE, FALSE) IN union(m1, union(m2, union(m3, union(m4, union(m5, union(m6, union(m7, m8))))))) ELSE emptyset ENDIF % % % ---------------------------------------------------------------- % Circle-Circle Algorithm % ---------------------------------------------------------------- % % circle_circle_root2(s, voe, vo, vi, E, thp, tr, root2) : set[solution] = LET v = vo - vi, sr = s + tr*v, 
ve = voe - vi IN IF v`z /= 0 THEN LET tpp = theta(1,s`z,v`z), Ax = sr`x + (tpp - tr)*ve`x, Ay = sr`y + (tpp - tr)*ve`y, B_x = (s`x+tpp*v`x), B_y = (s`y+tpp*v`y), a2 = sq(Ax) + sq(Ay) - sq(D), b2 = 2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr, c2 = sq(tr) * (sq(B_x) + sq(B_y) - sq(D)) IN IF a2 /= 0 AND discr(a2, b2, c2) >= 0 AND sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND exit?(s + thp * ve, ve) THEN LET te = Pick_Root(root2,a2,b2,c2) IN c_hd_solution(s, ve, vo, vi, te, tpp, tr) ELSE emptyset ENDIF ELSE emptyset ENDIF circle_circle_root2_lem: LEMMA circle_circle_root2(s,voe,vo,vi,E,thp,tr,root2)(m) IMPLIES LET v = vo - vi, sr = s + tr*v, ve = voe - vi, tpp = theta(1,s`z,v`z), Ax = sr`x + (tpp - tr)*ve`x, Ay = sr`y + (tpp - tr)*ve`y, B_x = (s`x+tpp*v`x), B_y = (s`y+tpp*v`y), a2 = sq(Ax) + sq(Ay) - sq(D), b2 = 2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr, c2 = sq(tr) * (sq(B_x) + sq(B_y) - sq(D)), te = Pick_Root(root2,a2,b2,c2) IN a2 /= 0 AND discr(a2, b2, c2) >= 0 AND c_hd_solution(s, ve, vo, vi, te, tpp, tr)(m) circle_circle_root(s, vo, vi, tr, root, root2) : set[solution] = LET v = vo - vi, sr = s + tr*v IN IF v`z /= 0 THEN LET thp = theta(-1,s`z,v`z), SSx = s`x - thp * vi`x, SSy = s`y - thp * vi`y, E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D), A = 4*sq(thp)*(sq(SSx) + sq(SSy)), B = 4*(s`x - thp*vi`x)*thp*E, C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) IN IF A /= 0 AND discr(A,B,C) >= 0 THEN LET voex = Pick_Root(root,A, B, C) IN IF sq(vo`x) + sq(vo`y) >= sq(voex) THEN LET voe = (# x:= voex, y:= sqrt(sq(vo`x) + sq(vo`y) - sq(voex)), z:= vo`z #) IN circle_circle_root2(s, voe, vo, vi, E, thp, tr, root2) ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF circle_circle_root_lem: LEMMA circle_circle_root(s, vo, vi, tr, root, root2)(m) IMPLIES LET v = vo - vi, sr = s + tr*v IN v`z /= 0 AND LET thp = theta(-1,s`z,v`z), SSx = s`x - thp * vi`x, SSy = s`y - thp * vi`y, E 
= sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D), A = 4*sq(thp)*(sq(SSx) + sq(SSy)), B = 4*(s`x - thp*vi`x)*thp*E, C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)), voex = Pick_Root(root,A, B, C) IN sq(vo`x) + sq(vo`y) >= sq(voex) AND A /= 0 AND discr(A,B,C) >= 0 AND LET voe = (# x:= voex, y:= sqrt(sq(vo`x) + sq(vo`y) - sq(voex)), z:= vo`z #) IN circle_circle_root2(s, voe, vo, vi, E, thp, tr, root2)(m) circle_circle_hd(s, vo, vi, tr) : set[solution] = union( circle_circle_root(s, vo, vi, tr, TRUE, TRUE), union( circle_circle_root(s, vo, vi, tr, FALSE, TRUE), union( circle_circle_root(s, vo, vi, tr, TRUE, FALSE), circle_circle_root(s, vo, vi, tr, FALSE, FALSE)))) % % % ---------------------------------------------------------------- % Circle-Line Algorithm % ---------------------------------------------------------------- % % cl_solution(s, voe, vo, vi, E, thp, tr, eps) : set[solution] = LET v = vo - vi, sr = s + tr*v, ve = voe - vi IN IF exit?(s + thp * ve, ve) AND sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND sr`y /= 0 THEN LET alpha2 = alpha_calc(eps,sr) IN IF ve`y-alpha2*ve`x /= 0 THEN LET te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) IN IF tr /= te AND 0 < te AND te < tr THEN LET vr = (# x:= (tr*v`x-te*ve`x)/(tr-te), y:= alpha2*(tr*v`x-te*ve`x)/(tr-te), z:= v`z #) IN IF hor_speed_gt_0?(vr) THEN singleton((#ve:= ve, vr:= vr, te:=te#)) ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF circle_line_root(s, vo, vi, tr, root, eps) : set[solution] = LET v = vo - vi, sr = s + tr*v IN IF v`z /= 0 THEN LET thp = theta(-1,s`z,v`z), SSx = s`x - thp * vi`x, SSy = s`y - thp * vi`y, E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D), A = 4*sq(thp)*(sq(SSx) + sq(SSy)), B = 4*(s`x - thp*vi`x)*thp*E, C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) IN IF A /= 0 AND 
discr(A,B,C) >= 0 THEN LET voex = Pick_Root(root, A, B, C) IN IF sq(vo`x) + sq(vo`y) >= sq(voex) THEN LET voe = (# x:= voex, y:= sqrt(sq(vo`x) + sq(vo`y) - sq(voex)), z:= vo`z #) IN cl_solution(s, voe, vo, vi, E, thp, tr, eps) ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF circle_line_root_lem: LEMMA circle_line_root(s,vo,vi,tr,root,eps)(m) IMPLIES LET v = vo - vi, sr = s + tr*v IN v`z /= 0 AND LET thp = theta(-1,s`z,v`z), SSx = s`x - thp * vi`x, SSy = s`y - thp * vi`y, E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D), A = 4*sq(thp)*(sq(SSx) + sq(SSy)), B = 4*(s`x - thp*vi`x)*thp*E, C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) IN A /= 0 AND discr(A,B,C) >= 0 AND LET voex = Pick_Root(root, A, B, C) IN sq(vo`x) + sq(vo`y) >= sq(voex) AND LET voe = (# x:= voex, y:= sqrt(sq(vo`x) + sq(vo`y) - sq(voex)), z:= vo`z #) IN cl_solution(s, voe, vo, vi, E, thp, tr, eps)(m) circle_line_hd(s, vo, vi, tr) : set[solution] = union( circle_line_root(s, vo, vi, tr, TRUE, -1), union( circle_line_root(s, vo, vi, tr, FALSE, -1), union( circle_line_root(s, vo, vi, tr, TRUE, 1), circle_line_root(s, vo, vi, tr, FALSE, 1)))) % % % ---------------------------------------------------------------- % In-Circle Algorithm % ---------------------------------------------------------------- % % ic_solution(s, voe, vo, vi, thpp, tr) : set[solution] = LET v = vo - vi, sr = s + tr*v, ve = voe - vi IN IF entry?(s + thpp * ve, ve) THEN LET te = thpp IN IF 0 < te AND te < tr THEN LET vorx = (te*voe`x - tr*vo`x)/(thpp - tr), vory = (te*voe`y - tr*vo`y)/(thpp - tr), vr = (# x:= vorx - vi`x, y:= vory - vi`y, z:= v`z #) IN singleton((#ve:= ve, vr:= vr, te:=te#)) ELSE emptyset ENDIF ELSE emptyset ENDIF in_circle_root(s, vo, vi, tr, root) : set[solution] = LET v = vo - vi, sr = s + tr*v IN IF v`z /= 0 THEN LET thpp = theta(1,s`z,v`z) , SSx = s`x - thpp * vi`x , SSy = s`y - thpp * vi`y , E = sq(s`x - thpp*vi`x) + sq(s`y - thpp*vi`y) + 
sq(thpp)*sq(vo`x) + sq(thpp)*sq(vo`y) - sq(D) , A = 4*sq(thpp)*(sq(SSx) + sq(SSy)) , B = 4*(s`x - thpp*vi`x)*thpp*E , C = sq(E) - 4*sq(s`y - thpp*vi`y)*sq(thpp)*(sq(vo`x)+sq(vo`y)) IN IF A /= 0 AND discr(A,B,C) >= 0 THEN LET voex = IF root THEN x1(A, B, C) ELSE x2(A, B, C) ENDIF IN IF sq(vo`x) + sq(vo`y) >= sq(voex) THEN LET voey = sqrt(sq(vo`x) + sq(vo`y) - sq(voex)) IN IF sign(-2 * (s`y - thpp*vi`y) * thpp * voey) = sign(E + 2 * (s`x - thpp*vi`x) * thpp * voex) THEN LET voe = (# x:= voex, y:= voey, z:= vo`z #) IN ic_solution(s, voe, vo, vi, thpp, tr) ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF in_circle_root_lem: LEMMA in_circle_root(s, vo, vi, tr, root)(m) IMPLIES LET v = vo - vi, sr = s + tr*v IN v`z /= 0 AND LET thpp = theta(1,s`z,v`z) , SSx = s`x - thpp * vi`x , SSy = s`y - thpp * vi`y , E = sq(s`x - thpp*vi`x) + sq(s`y - thpp*vi`y) + sq(thpp)*sq(vo`x) + sq(thpp)*sq(vo`y) - sq(D) , A = 4*sq(thpp)*(sq(SSx) + sq(SSy)) , B = 4*(s`x - thpp*vi`x)*thpp*E , C = sq(E) - 4*sq(s`y - thpp*vi`y)*sq(thpp)*(sq(vo`x)+sq(vo`y)), voex = Pick_Root(root, A, B, C) IN A /= 0 AND discr(A,B,C) >= 0 AND sq(vo`x) + sq(vo`y) - sq(voex) >= 0 AND LET voey = sqrt(sq(vo`x) + sq(vo`y) - sq(voex)), voe = (# x:= voex, y:= voey, z:= vo`z #) IN ic_solution(s, voe, vo, vi, thpp, tr)(m) AND sign(-2 * (s`y - thpp*vi`y) * thpp * voey) = sign(E + 2 * (s`x - thpp*vi`x) * thpp * voex) in_circle_hd(s, vo, vi, tr) : set[solution] = LET v = vo - vi, m1 = in_circle_root(s, vo, vi, tr, TRUE), m2 = in_circle_root(s, vo, vi, tr, FALSE) IN union(m1, m2) % % % ---------------------------------------------------------------- % Out-Circle Algorithm % ---------------------------------------------------------------- % % oc_solution(s, voe, vo, vi, thp, tr) : set[solution] = LET v = vo - vi, sr = s + tr*v, ve = voe - vi, te = thp IN IF 0 < te AND te < tr THEN LET vorx = (te*voe`x - tr*vo`x)/(thp - tr), vory = (te*voe`y - tr*vo`y)/(thp - tr), vr = (# x:= vorx - vi`x, y:= vory - 
vi`y, z:= v`z #) IN IF exit?(s + thp * ve, ve) AND exit?(s + thp * ve, vr) THEN singleton((# ve:= ve, vr:= vr, te:=te #)) ELSE emptyset ENDIF ELSE emptyset ENDIF out_circle_root(s, vo, vi, tr, root) : set[solution] = LET v = vo - vi, sr = s + tr*v IN IF v`z /= 0 THEN LET thp = theta(-1,s`z,v`z) , SSx = s`x - thp * vi`x , SSy = s`y - thp * vi`y , E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) , A = 4*sq(thp)*(sq(SSx) + sq(SSy)) , B = 4*(s`x - thp*vi`x)*thp*E , C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) IN IF A /= 0 AND discr(A,B,C) >= 0 THEN LET voex = IF root THEN x1(A, B, C) ELSE x2(A, B, C) ENDIF IN IF sq(vo`x) + sq(vo`y) >= sq(voex) THEN LET voey = sqrt(sq(vo`x) + sq(vo`y) - sq(voex)) IN IF sign(-2 * (s`y - thp*vi`y) * thp * voey) = sign(E + 2 * (s`x - thp*vi`x) * thp * voex) THEN LET voe = (# x:= voex, y:= voey, z:= vo`z #) IN oc_solution(s, voe, vo, vi, thp, tr) ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF ELSE emptyset ENDIF out_circle_root_lem: LEMMA out_circle_root(s,vo,vi,tr,root)(m) IMPLIES LET v = vo - vi, sr = s + tr*v IN v`z /= 0 AND LET thp = theta(-1,s`z,v`z) , SSx = s`x - thp * vi`x , SSy = s`y - thp * vi`y , E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) , A = 4*sq(thp)*(sq(SSx) + sq(SSy)) , B = 4*(s`x - thp*vi`x)*thp*E , C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) IN A /= 0 AND discr(A,B,C) >= 0 AND LET voex = Pick_Root(root, A, B, C) IN sq(vo`x) + sq(vo`y) >= sq(voex) AND LET voey = sqrt(sq(vo`x) + sq(vo`y) - sq(voex)) IN sign(-2 * (s`y - thp*vi`y) * thp * voey) = sign(E + 2 * (s`x - thp*vi`x) * thp * voex) AND LET voe = (# x:= voex, y:= voey, z:= vo`z #) IN oc_solution(s, voe, vo, vi, thp, tr)(m) out_circle_hd(s, vo, vi, tr) : set[solution] = union( out_circle_root(s, vo, vi, tr, TRUE), out_circle_root(s, vo, vi, tr, FALSE)) % % % ---------------------------------------------------------------- % The Heading 
Only Algorithm % ---------------------------------------------------------------- % % hd_only_algo(s, vo, vi, tr) : set[solution] = union( line_line_hd(s, vo, vi, tr), union( line_circle_hd(s, vo, vi, tr), union( circle_line_hd(s, vo, vi, tr), union( circle_circle_hd(s, vo, vi, tr), union( in_circle_hd(s, vo, vi, tr), out_circle_hd(s, vo, vi, tr)))))) END hd_only_algo $$$hd_only_algo.prf (hd_only_algo (hd_solution_lem 0 (hd_solution_lem-1 nil 3311003092 3311679471 ("" (skosimp*) (("" (expand "hd_solution") (("" (expand "emptyset") (("" (expand "singleton") (("" (ground) nil nil)) nil)) nil)) nil)) nil) proved ((hd_solution const-decl "set[solution]" hd_only_algo nil) (singleton const-decl "(singleton?)" sets nil) (emptyset const-decl "set" sets nil)) 92 50 t shostak)) (line_line_root_TCC1 0 (line_line_root_TCC1-1 nil 3287939637 3311679217 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 599 530 nil nil)) (line_line_root_TCC2 0 (line_line_root_TCC2-1 nil 3288110036 3311679218 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 841 770 t shostak)) (line_line_root_lem 0 (line_line_root_lem-1 nil 3311009878 3311679479 ("" (skosimp*) (("" (expand "line_line_root") (("" (auto-rewrite "emptyset") (("" (lemma "hd_solution_lem") (("" (assert :quant-simp? t) (("" (inst?) 
(("1" (ground) nil nil) ("2" (assert) (("2" (flatten) (("2" (assert) nil nil)) nil)) nil) ("3" (flatten) (("3" (assert) nil nil)) nil) ("4" (assert) (("4" (ground) nil nil)) nil) ("5" (assert) (("5" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((line_line_root const-decl "set[solution]" hd_only_algo nil) (hd_solution_lem formula-decl nil hd_only_algo nil) (sr!1 skolem-const-decl "alpha_type" hd_only_algo nil) (vo!1 skolem-const-decl "Vect3" hd_only_algo nil) (vi!1 skolem-const-decl "Vect3" hd_only_algo nil) (root!1 skolem-const-decl "bool" hd_only_algo nil) (Pick_Root const-decl "real" common_defs nil) (s!1 skolem-const-decl "alpha_type" hd_only_algo nil) (eps!1 skolem-const-decl "Sign" hd_only_algo nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (alpha_calc const-decl "real" hd_only nil) (alpha_type type-eq-decl nil hd_only nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) 
(numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (/= const-decl "boolean" notequal nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (- const-decl "Vect3" Vectors nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (tr!1 skolem-const-decl "posreal" hd_only_algo nil) (solution type-eq-decl nil common_defs nil) (emptyset const-decl "set" sets nil)) 8690 8510 t nil)) (line_line_hd_TCC1 0 (line_line_hd_TCC1-1 nil 3287939637 3311679219 ("" (skosimp*) (("" (assert) (("" (ground) (("" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 926 830 nil nil)) (line_line_hd_TCC2 0 (line_line_hd_TCC2-1 nil 3311679214 3311680208 ("" (skosimp*) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 14286 1720 t nil)) (c_hd_solution_TCC1 0 (c_hd_solution_TCC1-1 nil 3287939637 
3311679231 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (- const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (/= const-decl "boolean" notequal nil) (sq const-decl "nonneg_real" sq "reals/") (hor_speed_gt_0? const-decl "bool" criteria nil)) 922 840 nil nil)) (c_hd_solution_TCC2 0 (c_hd_solution_TCC2-1 nil 3288110049 3311679231 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 308 280 t shostak)) (c_hd_solution_TCC3 0 (c_hd_solution_TCC3-1 nil 3288110058 3311679232 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 384 350 t shostak)) (c_hd_solution_lem_TCC1 0 (c_hd_solution_lem_TCC1-1 nil 3311081676 3311679240 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (/= const-decl "boolean" notequal nil) (- const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ 
const-decl "Vect3" Vectors nil)) 8388 680 nil nil)) (c_hd_solution_lem_TCC2 0 (c_hd_solution_lem_TCC2-1 nil 3311091140 3311679241 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (/= const-decl "boolean" notequal nil) (- const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (hor_speed_gt_0? const-decl "bool" criteria nil)) 1135 1040 nil nil)) (c_hd_solution_lem 0 (c_hd_solution_lem-1 nil 3311081690 3311679491 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (auto-rewrite "member") (("" (expand "c_hd_solution") (("" (expand "singleton") (("" (assert) (("" (flatten) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((c_hd_solution const-decl "set[solution]" hd_only_algo nil) (emptyset const-decl "set" sets nil) (singleton const-decl "(singleton?)" sets nil)) 574 530 t shostak)) (line_circle_root_TCC1 0 (line_circle_root_TCC1-1 nil 3288110064 3311679242 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 562 510 t shostak)) (line_circle_root_lem_TCC1 0 (line_circle_root_lem_TCC1-1 nil 3311520063 3311679251 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl 
"[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (D const-decl "posreal" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (emptyset const-decl "set" sets nil) (line_circle_root const-decl "set[solution]" hd_only_algo nil) (alpha_calc const-decl "real" hd_only nil) (sq const-decl "nonneg_real" sq "reals/") (discr const-decl "real" quadratic "reals/") (- const-decl "Vect3" Vectors nil) (/= const-decl "boolean" notequal nil)) 9822 9380 nil nil)) (line_circle_root_lem_TCC2 0 (line_circle_root_lem_TCC2-1 nil 3311520063 3311679255 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl 
"[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (D const-decl "posreal" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (/= const-decl "boolean" notequal nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (sq const-decl "nonneg_real" sq "reals/") (discr const-decl "real" quadratic "reals/") (- const-decl "Vect3" Vectors nil) (theta const-decl "real" criteria nil)) 3756 3540 nil nil)) (line_circle_root_lem 0 (line_circle_root_lem-1 nil 3311087379 3311679501 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (expand "line_circle_root") (("" (assert) (("" (ground) nil nil)) nil)) nil)) nil)) nil) proved ((emptyset const-decl "set" sets nil) (line_circle_root const-decl "set[solution]" hd_only_algo nil)) 10771 10400 t shostak)) (line_circle_hd_TCC1 0 (line_circle_hd_TCC1-1 nil 3311679214 3311680226 ("" (skosimp*) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals 
nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 12573 1850 t nil)) (circle_circle_root2_lem_TCC1 0 (circle_circle_root2_lem_TCC1-1 nil 3311338442 3311679258 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (emptyset const-decl "set" sets nil) (circle_circle_root2 const-decl "set[solution]" hd_only_algo nil) (- const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (/= const-decl "boolean" notequal nil)) 880 780 nil nil)) (circle_circle_root2_lem 0 (circle_circle_root2_lem-1 nil 3311337842 3311679510 ("" (skosimp*) (("" (expand "circle_circle_root2") (("" (auto-rewrite "emptyset") (("" (assert) (("" (ground) nil nil)) nil)) nil)) nil)) nil) proved ((circle_circle_root2 const-decl "set[solution]" hd_only_algo nil) (emptyset const-decl "set" sets nil)) 6758 6510 t shostak)) (circle_circle_root_TCC1 0 (circle_circle_root_TCC1-1 nil 3287939637 3311679259 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1341 1260 nil nil)) (circle_circle_root_lem 0 (circle_circle_root_lem-1 nil 3311356496 3311679530 ("" (skosimp*) (("" (expand 
"circle_circle_root") (("" (auto-rewrite "emptyset") (("" (assert) (("" (ground) nil nil)) nil)) nil)) nil)) nil) proved ((circle_circle_root const-decl "set[solution]" hd_only_algo nil) (emptyset const-decl "set" sets nil)) 19924 19470 t shostak)) (cl_solution_TCC1 0 (cl_solution_TCC1-1 nil 3287939637 3311679260 ("" (skosimp*) (("" (assert) (("" (prop) (("" (replace -1) (("" (expand "sq") (("" (case "sr!1`x=0") (("1" (assert) nil nil) ("2" (case "sr!1`y=0") (("1" (propax) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (sq const-decl "nonneg_real" sq "reals/")) 993 930 nil nil)) (cl_solution_TCC2 0 (cl_solution_TCC2-1 nil 3287939637 3311679261 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1376 1280 nil nil)) (circle_line_root_lem 0 (circle_line_root_lem-2 nil 3311591140 3311679549 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (expand "circle_line_root") (("" (assert :quant-simp? t) (("" (ground) nil nil)) nil)) nil)) nil)) nil) proved ((emptyset const-decl "set" sets nil) (circle_line_root const-decl "set[solution]" hd_only_algo nil)) 19272 18900 nil nil) (circle_line_root_lem-1 nil 3311590515 3311591122 ("" (skosimp*) (("" (expand "circle_line_root") (("" (assert :quant-simp? 
t) (("" (ground) (("1" (postpone) nil nil) ("2" (postpone) nil nil) ("3" (postpone) nil nil) ("4" (postpone) nil nil) ("5" (postpone) nil nil) ("6" (postpone) nil nil) ("7" (postpone) nil nil) ("8" (postpone) nil nil) ("9" (postpone) nil nil) ("10" (postpone) nil nil)) nil)) nil)) nil)) nil) unfinished nil 84844 42960 t shostak)) (ic_solution_TCC1 0 (ic_solution_TCC1-1 nil 3287939637 3311679261 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 107 110 nil nil)) (ic_solution_TCC2 0 (ic_solution_TCC2-1 nil 3288110075 3311679262 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 380 340 t shostak)) (in_circle_root_TCC1 0 (in_circle_root_TCC1-1 nil 3287939637 3311679263 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1238 1160 nil nil)) (in_circle_root_lem 0 (in_circle_root_lem-3 nil 3311504259 3311679587 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (expand "in_circle_root") (("" (expand "Pick_Root") (("" (lift-if) (("" (case "root!1") (("1" (assert) (("1" (ground) nil nil)) nil) ("2" (assert) (("2" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((Pick_Root const-decl "real" common_defs nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sq_0 formula-decl nil sq "reals/") (emptyset const-decl "set" sets nil) (in_circle_root const-decl "set[solution]" hd_only_algo nil)) 38081 37090 nil nil) (in_circle_root_lem-2 nil 3311503404 3311504095 ("" (skosimp*) (("" (expand "in_circle_root") (("" (expand "Pick_Root") (("" (lift-if) (("" (case "root!1") (("1" (assert) (("1" (ground) (("1" (expand "-") (("1" (assert) (("1" (postpone) nil nil)) nil)) nil) ("2" (postpone) nil nil) ("3" (postpone) nil nil) ("4" (postpone) nil nil) ("5" (postpone) nil nil) ("6" (postpone) nil nil) ("7" (postpone) nil nil) ("8" (postpone) nil nil) ("9" (postpone) nil nil) ("10" (postpone) nil nil) ("11" (postpone) nil nil) ("12" (postpone) nil nil) ("13" (postpone) nil nil) ("14" (postpone) nil nil) ("15" (postpone) 
nil nil) ("16" (postpone) nil nil) ("17" (postpone) nil nil) ("18" (postpone) nil nil) ("19" (postpone) nil nil) ("20" (postpone) nil nil) ("21" (postpone) nil nil) ("22" (postpone) nil nil) ("23" (postpone) nil nil) ("24" (postpone) nil nil) ("25" (postpone) nil nil) ("26" (postpone) nil nil) ("27" (postpone) nil nil) ("28" (postpone) nil nil) ("29" (postpone) nil nil) ("30" (postpone) nil nil) ("31" (postpone) nil nil) ("32" (postpone) nil nil) ("33" (postpone) nil nil)) nil)) nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 689689 416900 nil nil) (in_circle_root_lem-1 nil 3311501777 3311503363 ("" (skosimp*) (("" (expand "in_circle_root") (("" (expand "Pick_Root") (("" (lift-if) (("" (case "root!1") (("1" (assert) (("1" (ground) (("1" (postpone) nil nil) ("2" (postpone) nil nil) ("3" (postpone) nil nil) ("4" (postpone) nil nil) ("5" (postpone) nil nil) ("6" (postpone) nil nil) ("7" (postpone) nil nil) ("8" (postpone) nil nil) ("9" (postpone) nil nil) ("10" (postpone) nil nil) ("11" (postpone) nil nil) ("12" (postpone) nil nil) ("13" (postpone) nil nil) ("14" (postpone) nil nil) ("15" (postpone) nil nil) ("16" (postpone) nil nil) ("17" (postpone) nil nil) ("18" (postpone) nil nil) ("19" (postpone) nil nil) ("20" (postpone) nil nil) ("21" (postpone) nil nil) ("22" (postpone) nil nil) ("23" (postpone) nil nil) ("24" (postpone) nil nil) ("25" (postpone) nil nil) ("26" (postpone) nil nil) ("27" (postpone) nil nil) ("28" (postpone) nil nil) ("29" (postpone) nil nil) ("30" (postpone) nil nil) ("31" (postpone) nil nil) ("32" (postpone) nil nil) ("33" (postpone) nil nil)) nil)) nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 237646 70480 t shostak)) (oc_solution_TCC1 0 (oc_solution_TCC1-1 nil 3287939637 3311679263 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 106 100 nil nil)) (oc_solution_TCC2 0 (oc_solution_TCC2-1 nil 3288110080 3311679263 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 378 350 t 
shostak)) (out_circle_root_TCC1 0 (out_circle_root_TCC1-1 nil 3311356674 3311679265 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1208 1180 t nil)) (out_circle_root_lem 0 (out_circle_root_lem-1 nil 3311521198 3311680117 ("" (skosimp*) (("" (assert) (("" (auto-rewrite "emptyset") (("" (auto-rewrite "member") (("" (expand "out_circle_root") (("" (lift-if) (("" (expand "Pick_Root") (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((emptyset const-decl "set" sets nil) (Pick_Root const-decl "real" common_defs nil) (out_circle_root const-decl "set[solution]" hd_only_algo nil)) 529843 515930 t shostak))) $$$rr3d_algo.pvs rr3d_algo: THEORY BEGIN IMPORTING common_defs, gs_only_algo, vert_only_algo, hd_only_algo s : VAR Vect3 % Relative position vo : VAR Vect3 % Ownship absolute velocity vi : VAR Vect3 % Intruder absolute velocity tr : VAR posreal % Recovery time % % % ---------------------------------------------------------------- % The RR3D Algorithm % ---------------------------------------------------------------- % % rr3d_algo(s, vo, vi, tr) : set[solution] = union( vert_only_algo(s, vo, vi, tr), union(gs_only_algo(s, vo, vi, tr), hd_only_algo(s, vo, vi, tr))) END rr3d_algo $$$extra_hd.pvs extra_hd: THEORY BEGIN IMPORTING criteria, common_defs, hd_only vo : VAR Vect3 % Ownship velocity voe : VAR Vect3 % Ownship Escape velocity vi : VAR Vect3 % Intruder velocity s : VAR Vect3 % Relative position v : VAR Vect3 % Relative velocity ve : VAR Vect3 % Relative escape velocity vr : VAR Vect3 % Relative recovery velocity se : VAR Vect3 % Relative position at the end of the escape maneuver sr : VAR Vect3 % Relative position at the end of the escape maneuver, % which is also the final position tr : VAR real % Recovery time te : VAR real % Escape time eps : VAR Sign thpp: VAR real thpp_tr_lem: LEMMA v`z /= 0 AND thpp = theta(1,s`z,v`z) AND 0 < thpp AND thpp < tr AND sr = s + tr*v IMPLIES (H < sr`z) OR (sr`z < -H) llhd_escape_A: THEOREM % THIS CASE 
WILL NOT BE USED IN ALGORITHM ve = voe - vi AND voe`x = vi`x AND % COMPUTED VALUE voe`y = vi`y AND % COMPUTED VALUE hor_speed_gt_0?(ve) % TEST AFTER COMPUTATION IMPLIES separation?(s,ve) llhd_recovery_A: THEOREM hor_speed_gt_0?(vr) AND % TEST CONDITION AFTER COMPUTATION te * ve`y = tr * v`y AND % TEST CONDITION ve`x /= 0 AND % TEST CONDITION te = tr*v`x/ve`x AND % COMPUTED VALUE vr`x = 0 AND % COMPUTED VALUE vr`y = 0 AND % COMPUTED VALUE ve`z = v`z AND % COMPUTED VALUE vr`z = v`z % COMPUTED VALUE IMPLIES separation?(s+te*ve,vr) END extra_hd $$$extra_hd.prf (|extra_hd| (|thpp_tr_lem| "" (SKOSIMP*) (("" (EXPAND "theta") (("" (CROSS-MULT -1) (("" (REPLACE -4) (("" (HIDE -4) (("" (CASE "v!1`z > 0") (("1" (EXPAND "sign") (("1" (ASSERT) (("1" (MULT-BY -4 "v!1`z") (("1" (GROUND) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "sign") (("2" (ASSERT) (("2" (MULT-BY -3 "-v!1`z") (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|llhd_escape_A| "" (SKOSIMP*) (("" (LEMMA "separation_lem") (("" (INST -1 "s!1" "tau(s!1,ve!1)" "ve!1") (("" (ASSERT) (("" (HIDE 2) (("" (LEMMA "line_case_correctness") (("" (INST?) (("" (ASSERT) (("" (HIDE 2) (("" (LEMMA "tau_is_tangent_pt") (("" (INST?) 
(("" (EXPAND "at") (("" (HIDE 2) (("" (EXPAND "tan_condition?") (("" (CASE-REPLACE "ve!1`x = 0") (("1" (REWRITE "sq_0") (("1" (ASSERT) (("1" (REPLACE -2) (("1" (HIDE-ALL-BUT (-4 1)) (("1" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE-ALL-BUT (-1 -5 1)) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|llhd_recovery_A| "" (SKOSIMP*) (("" (NAME "SR" "s!1 + tr!1*v!1") (("" (CASE-REPLACE "s!1 + te!1*ve!1 = SR - (tr!1-te!1)*vr!1") (("1" (HIDE -1) (("1" (LEMMA "separation_lem") (("1" (INST -1 "SR - (tr!1 - te!1) * vr!1" "tr!1-te!1+tau(SR,vr!1)" "vr!1") (("1" (ASSERT) (("1" (HIDE 3) (("1" (CASE-REPLACE "SR - (tr!1 - te!1) * vr!1 + (tau(SR, vr!1) - te!1 + tr!1) * vr!1 = SR + tau(SR, vr!1) * vr!1") (("1" (HIDE -1) (("1" (LEMMA "line_case_correctness") (("1" (INST?) (("1" (ASSERT) (("1" (HIDE 2) (("1" (LEMMA "tau_is_tangent_pt") (("1" (INST -1 "SR" "vr!1") (("1" (ASSERT) (("1" (EXPAND "at") (("1" (HIDE 2) (("1" (EXPAND "tan_condition?") (("1" (REPLACE -5) (("1" (REPLACE -6) (("1" (EXPAND "sq") (("1" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE-ALL-BUT 1) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE -2 3) (("2" (GRIND) NIL NIL)) NIL)) NIL)) NIL)) NIL)) $$$out_circle_hd_comb.pvs out_circle_hd_comb: THEORY BEGIN IMPORTING criteria, common_defs, out_circle_hd vo : VAR Vect3 % Ownship velocity voe : VAR Vect3 % Ownship escape velocity vor : VAR Vect3 % Ownship recovery velocity vi : VAR Vect3 % Intruder velocity s : VAR Vect3 % Relative position v : VAR Vect3 % Relative velocity ve : VAR Vect3 % Relative escape velocity vr : VAR Vect3 % Relative recovery velocity se : VAR Vect3 % Relative position at the end of the escape maneuver sr : VAR Vect3 % Relative position at the end of the escape maneuver, % which is also the final position tr : VAR real % Recovery time te : VAR real % Escape time eps : VAR Sign 
A,B,C,E,thp,SSx,SSy: VAR real ochd: THEOREM v = vo - vi AND ve = voe - vi AND vr = vor - vi AND sr = s + tr*v AND v`z /= 0 AND % TEST CONDITION thp = theta(-1,s`z,v`z) AND % CALCULATION SSx = s`x - thp * vi`x AND % CALCULATION SSy = s`y - thp * vi`y AND % CALCULATION A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND % CALCULATION B = 4*(s`x - thp*vi`x)*thp*E AND % CALCULATION C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND % CALCULATION exit?(s + thp * ve, ve) AND % TEST A /= 0 AND % TEST AFTER COMPUTATION discr(A,B,C) >= 0 AND % TEST AFTER COMPUTATION sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST AFTER COMPUTATION ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND % COMPUTED VALUE voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE voe`z = vo`z AND % COMPUTED VALUE ve`z = v`z AND % COMPUTED VALUE sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = % TEST AFTER COMPUTATION sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND te = thp AND % COMPUTED VALUE % 0 < thp AND % TEST AFTER COMPUTATION thp < tr AND % TEST AFTER COMPUTATION exit?(s + thp * ve, vr) AND % TEST AFTER COMPUTATION % (sr`z - (tr - te) * vr`z) * vr`z <= 0 AND % TEST AFTER COMPUTATION vor`x = (te*voe`x - tr*vo`x)/(thp - tr) AND % COMPUTED VALUE vor`y = (te*voe`y - tr*vo`y)/(thp - tr) AND % COMPUTED VALUE vr`z = v`z IMPLIES separation?(s,ve) AND separation?(s+te*ve,vr) AND heading_only?(vo,voe) AND s + tr * v = s + te*ve + (tr-te)*vr root: VAR bool ochd_pred(s,te,tr,v,ve,vr,vi,vo,voe,vor,root): bool = v = vo - vi AND ve = voe - vi AND vr = vor - vi AND v`z /= 0 AND % TEST CONDITION LET thp = theta(-1,s`z,v`z) , % CALCULATION SSx = s`x - thp * vi`x , % CALCULATION SSy = s`y - thp * vi`y , % CALCULATION E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) , % CALCULATION A = 4*sq(thp)*(sq(SSx) + sq(SSy)) , % CALCULATION B = 4*(s`x - thp*vi`x)*thp*E , % CALCULATION C = 
sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) IN exit?(s + thp * ve, ve) AND % TEST A /= 0 AND % TEST AFTER COMPUTATION discr(A,B,C) >= 0 AND % TEST AFTER COMPUTATION sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST AFTER COMPUTATION voe`x = Pick_Root(root,A,B,C) AND % COMPUTED VALUE voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE voe`z = vo`z AND % COMPUTED VALUE ve`z = v`z AND % COMPUTED VALUE sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = % TEST AFTER COMPUTATION sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND te = thp AND % COMPUTED VALUE % 0 < thp AND % TEST AFTER COMPUTATION thp < tr AND % TEST AFTER COMPUTATION exit?(s + thp * ve, vr) AND % TEST AFTER COMPUTATION % (sr`z - (tr - te) * vr`z) * vr`z <= 0 AND % TEST AFTER COMPUTATION vor`x = (te*voe`x - tr*vo`x)/(thp - tr) AND % COMPUTED VALUE vor`y = (te*voe`y - tr*vo`y)/(thp - tr) AND % COMPUTED VALUE vr`z = v`z ochd_pred: LEMMA ochd_pred(s,te,tr,v,ve,vr,vi,vo,voe,vor,root) IMPLIES separation?(s,ve) AND separation?(s+te*ve,vr) AND heading_only?(vo,voe) AND s + tr * v = s + te*ve + (tr-te)*vr END out_circle_hd_comb $$$out_circle_hd_comb.prf (out_circle_hd_comb (ochd_TCC1 0 (ochd_TCC1-1 nil 3287939634 3311527016 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1116 1040 nil nil)) (ochd_TCC2 0 (ochd_TCC2-1 nil 3287939634 3311527018 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1611 1520 nil nil)) (ochd 0 (ochd-1 nil 3287939634 3311527024 ("" (skosimp*) (("" (split +) (("1" (lemma "circle_escape") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "ochd_recovery") (("2" (inst?) (("2" (inst?) (("2" (inst?) (("2" (inst?) (("2" (inst -1 "_" "voe!1") (("2" (inst?) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("3" (lemma "cir_hd_only") (("3" (inst?) (("3" (inst -1 "ve!1" "voe!1") (("3" (assert) nil nil)) nil)) nil)) nil) ("4" (lemma "basic_timeliness") (("4" (inst?) 
(("4" (lemma "vor_timeliness") (("4" (inst?) (("4" (inst?) (("4" (inst?) (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (circle_escape formula-decl nil hd_only nil) (ochd_recovery formula-decl nil out_circle_hd nil) (cir_hd_only formula-decl nil hd_only nil) (vor_timeliness formula-decl nil timeliness nil) (basic_timeliness formula-decl nil timeliness nil)) 6261 5990 t nil)) (ochd_pred_TCC1 0 (ochd_pred_TCC1-1 nil 3311523245 3311527291 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 40472 1650 t nil)) (ochd_pred_TCC2 0 (ochd_pred_TCC2-1 nil 3311523245 3311527684 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 6172 2260 t nil)) (ochd_pred 0 (ochd_pred-2 nil 3311523630 3311527242 ("" (skosimp*) (("" (lemma "ochd") (("" (assert :quant-simp? t) (("" (inst - "s!1" "tr!1" "vi!1" "vo!1" "voe!1" "vor!1") (("" (assert :quant-simp? 
t) (("" (expand "ochd_pred") (("" (flatten) (("" (expand "Pick_Root") (("" (assert) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished ((Pick_Root const-decl "real" common_defs nil) (ochd_pred const-decl "bool" out_circle_hd_comb nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (ochd formula-decl nil out_circle_hd_comb nil)) 3259 260 t nil) (ochd_pred-1 nil 3311523258 3311523601 ("" (skosimp*) (("" (lemma "ochd") (("" (assert :quant-simp? t) (("" (inst - "s!1" "tr!1" "vi!1" "vo!1" "voe!1" "vor!1") (("" (assert :quant-simp? t) (("" (expand "ochd_pred") (("" (flatten) (("" (assert) (("" (case-replace "voe!1 - vi!1 = ve!1") (("1" (case-replace "vo!1 - vi!1 = v!1") (("1" (assert) (("1" (postpone) nil nil)) nil) ("2" (postpone) nil nil)) nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 343537 55380 t shostak))) $$$in_circle_hd_comb.pvs in_circle_hd_comb: THEORY BEGIN IMPORTING criteria, common_defs, hd_only vo : VAR Vect3 % Ownship velocity voe : VAR Vect3 % Ownship escape velocity vor : VAR Vect3 % Ownship recovery velocity vi : VAR Vect3 % Intruder velocity s : VAR Vect3 % Relative position v : VAR Vect3 % Relative velocity ve : VAR Vect3 % Relative escape velocity vr : VAR Vect3 % Relative recovery velocity se : VAR Vect3 % Relative position at the end of the escape manuver sr : VAR Vect3 % Relative position at the end of the escape manuver, % which is also the final position tr : VAR real % Recovery time te : VAR real % Escape time eps : VAR Sign A,B,C,E,thpp,SSx,SSy: VAR real ichd: THEOREM v = vo - vi AND ve = voe - vi AND vr = vor - vi AND % 
sr = s + tr*v AND v`z /= 0 AND % TEST CONDITION thpp = theta(1,s`z,v`z) AND % CALCULATION SSx = s`x - thpp * vi`x AND % CALCULATION SSy = s`y - thpp * vi`y AND % CALCULATION A = 4*sq(thpp)*(sq(SSx) + sq(SSy)) AND % CALCULATION B = 4*(s`x - thpp*vi`x)*thpp*E AND % CALCULATION C = sq(E) - 4*sq(s`y - thpp*vi`y)*sq(thpp)*(sq(vo`x)+sq(vo`y)) AND E = sq(s`x - thpp*vi`x) + sq(s`y - thpp*vi`y) + sq(thpp)*sq(vo`x) + sq(thpp)*sq(vo`y) - sq(D) AND entry?(s + thpp * ve, ve) AND % TEST A /= 0 AND % TEST AFTER COMPUTATION discr(A,B,C) >= 0 AND % TEST AFTER COMPUTATION sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST AFTER COMPUTATION ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND % COMPUTED VALUE voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE voe`z = vo`z AND % COMPUTED VALUE % ve`z = v`z AND % COMPUTED VALUE sign(-2 * (s`y - thpp*vi`y) * thpp * voe`y) = % TEST AFTER COMPUTATION sign(E + 2 * (s`x - thpp*vi`x) * thpp * voe`x) AND te = thpp AND % COMPUTED VALUE % 0 < thpp AND % TEST AFTER COMPUTATION thpp < tr AND % TEST AFTER COMPUTATION vor`x = (te*voe`x - tr*vo`x)/(thpp - tr) AND % COMPUTED VALUE vor`y = (te*voe`y - tr*vo`y)/(thpp - tr) AND % COMPUTED VALUE vr`z = v`z % COMPUTED VALUE IMPLIES separation?(s,ve) AND heading_only?(vo,voe) AND separation_pos?(s+te*ve,vr) AND s + tr * v = s + te*ve + (tr-te)*vr root: VAR bool ichd_pred(s,te,tr,v,ve,vr,vi,vo,voe,vor,root): bool = v = vo - vi AND ve = voe - vi AND vr = vor - vi AND v`z /= 0 AND % TEST CONDITION LET thpp = theta(1,s`z,v`z) , % CALCULATION SSx = s`x - thpp * vi`x , % CALCULATION SSy = s`y - thpp * vi`y , % CALCULATION E = sq(s`x - thpp*vi`x) + sq(s`y - thpp*vi`y) + sq(thpp)*sq(vo`x) + sq(thpp)*sq(vo`y) - sq(D), A = 4*sq(thpp)*(sq(SSx) + sq(SSy)) , % CALCULATION B = 4*(s`x - thpp*vi`x)*thpp*E , % CALCULATION C = sq(E) - 4*sq(s`y - thpp*vi`y)*sq(thpp)*(sq(vo`x)+sq(vo`y)) IN entry?(s + thpp * ve, ve) AND % TEST A /= 0 AND % TEST AFTER COMPUTATION discr(A,B,C) >= 0 AND % TEST AFTER COMPUTATION sq(vo`x) + 
sq(vo`y) >= sq(voe`x) AND % TEST AFTER COMPUTATION voe`x = Pick_Root(root,A,B,C) AND % COMPUTED VALUE voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE voe`z = vo`z AND % COMPUTED VALUE sign(-2*(s`y - thpp*vi`y) * thpp * voe`y) = % TEST AFTER COMPUTATION sign(E + 2 * (s`x - thpp*vi`x) * thpp * voe`x) AND te = thpp AND % COMPUTED VALUE thpp < tr AND % TEST AFTER COMPUTATION vor`x = (te*voe`x - tr*vo`x)/(thpp - tr) AND % COMPUTED VALUE vor`y = (te*voe`y - tr*vo`y)/(thpp - tr) AND % COMPUTED VALUE vr`z = v`z % COMPUTED VALUE ichd_pred: LEMMA ichd_pred(s,te,tr,v,ve,vr,vi,vo,voe,vor,root) IMPLIES separation?(s,ve) AND heading_only?(vo,voe) AND separation_pos?(s+te*ve,vr) AND s + tr * v = s + te*ve + (tr-te)*vr END in_circle_hd_comb $$$in_circle_hd_comb.prf (in_circle_hd_comb (ichd_TCC1 0 (ichd_TCC1-1 nil 3287939634 3311443383 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1069 980 nil nil)) (ichd_TCC2 0 (ichd_TCC2-1 nil 3287939634 3311443385 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1574 1450 nil nil)) (ichd 0 (ichd-1 nil 3287939634 3311443390 ("" (skosimp*) (("" (split +) (("1" (lemma "circle_escape") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "cir_hd_only") (("2" (inst?) (("2" (inst -1 "ve!1" "voe!1") (("2" (assert) nil nil)) nil)) nil)) nil) ("3" (lemma "in_circle_recovery") (("3" (inst?) (("3" (inst?) (("3" (assert) (("3" (replace -2) (("3" (replace -3) (("3" (replace -1) (("3" (expand "-") (("3" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("4" (lemma "vor_timeliness") (("4" (inst?) (("4" (inst?) 
(("4" (inst -1 "vi!1" "vor!1") (("4" (assert) (("4" (replace -2) (("4" (replace -1) (("4" (expand "-") (("4" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (circle_escape formula-decl nil hd_only nil) (cir_hd_only formula-decl nil hd_only nil) (- const-decl "Vect3" Vectors nil) (in_circle_recovery formula-decl nil hd_only nil) (vor_timeliness formula-decl nil timeliness nil)) 5071 4790 nil nil)) (ichd_pred_TCC1 0 (ichd_pred_TCC1-1 nil 3311438276 3311499543 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 8577 2090 t nil)) (ichd_pred_TCC2 0 (ichd_pred_TCC2-1 nil 3311438276 3311499556 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 8325 2760 t nil)) (ichd_pred 0 (ichd_pred-2 nil 3311439397 3311439827 ("" (skosimp*) (("" (lemma "ichd") (("" (assert :quant-simp? t) (("" (assert :quant-simp? 
t) (("" (inst - "s!1" "tr!1" "vi!1" "vo!1" "voe!1" "vor!1") (("" (case "theta(1, s!1`z, (vo!1 - vi!1)`z) = te!1 AND vor!1 - vi!1 = vr!1 AND vo!1 - vi!1 = v!1 AND voe!1 - vi!1 = ve!1") (("1" (flatten) (("1" (replace -1) (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (name-replace "CCCCCC" "separation?(s!1, ve!1) AND heading_only?(vo!1, voe!1) AND separation_pos?(s!1 + te!1 * ve!1, vr!1) AND s!1 + tr!1 * v!1 = s!1 + te!1 * ve!1 + (tr!1 - te!1) * vr!1") (("1" (assert) (("1" (hide 2) (("1" (expand "ichd_pred") (("1" (flatten) (("1" (assert) (("1" (expand "Pick_Root") (("1" (lift-if) (("1" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -1 2) (("2" (expand "ichd_pred") (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil) ("3" (hide -1) (("3" (hide 2) (("3" (expand "ichd_pred") (("3" (flatten) (("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (ichd_pred const-decl "bool" in_circle_hd_comb nil) (Pick_Root const-decl "real" common_defs nil) (separation? const-decl "bool" criteria nil) (heading_only? const-decl "bool" common_defs nil) (separation_pos? 
const-decl "bool" hd_only nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (bool nonempty-type-eq-decl nil booleans nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) (- const-decl "Vect3" Vectors nil) (ichd formula-decl nil in_circle_hd_comb nil)) 428313 126950 t nil) (ichd_pred-1 nil 3311438281 3311439364 ("" (skosimp*) (("" (lemma "ichd") (("" (assert :quant-simp? t) (("" (assert :quant-simp? 
t) (("" (inst - "s!1" "tr!1" "vi!1" "vo!1" "voe!1" "vor!1") (("" (case-replace "theta(1, s!1`z, (vo!1 - vi!1)`z) = te!1") (("1" (case "theta(1, s!1`z, (vo!1 - vi!1)`z) = te!1 AND vor!1 - vi!1 = vr!1 AND vo!1 - vi!1 = v!1 AND voe!1 - vi!1 = ve!1") (("1" (flatten) (("1" (replace -1) (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (name-replace "CCCCCC" "separation?(s!1, ve!1) AND heading_only?(vo!1, voe!1) AND separation_pos?(s!1 + te!1 * ve!1, vr!1) AND s!1 + tr!1 * v!1 = s!1 + te!1 * ve!1 + (tr!1 - te!1) * vr!1") (("1" (assert) (("1" (hide 2) (("1" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -2 2) (("2" (postpone) nil nil)) nil)) nil) ("2" (postpone) nil nil) ("3" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 302645 14980 t shostak))) $$$circle_circle_hd_comb.pvs circle_circle_hd_comb: THEORY BEGIN IMPORTING criteria, common_defs, hd_only vo : VAR Vect3 % Ownship velocity voe : VAR Vect3 % Ownship Escape velocity vi : VAR Vect3 % Intruder velocity s : VAR Vect3 % Relative position v : VAR Vect3 % Relative velocity ve : VAR Vect3 % Relative escape velocity vr : VAR Vect3 % Relative recovery velocity se : VAR Vect3 % Relative position at the end of the escape manuver sr : VAR Vect3 % Relative position at the end of the escape manuver, % which is also the final position tr : VAR real % Recovery time te : VAR real % Escape time eps : VAR Sign A,B,C,E,thp,tpp,SSx,SSy, Ax, Ay, B_x, B_y: VAR real %% ESCAPE same as circle_line escape case. 
%% CHECK INTO extra tests abs(s`z) > H or abs(sr`z) > H cchd: THEOREM v = vo - vi AND ve = voe - vi AND sr = s + tr*v AND v`z /= 0 AND % TEST CONDITION thp = theta(-1,s`z,v`z) AND % CALCULATION SSx = s`x - thp * vi`x AND % CALCULATION SSy = s`y - thp * vi`y AND % CALCULATION A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND % CALCULATION B = 4*(s`x - thp*vi`x)*thp*E AND % CALCULATION C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND exit?(s + thp * ve, ve) AND % TEST AFTER COMPUTATION A /= 0 AND % TEST AFTER COMPUTATION discr(A,B,C) >= 0 AND % TEST AFTER COMPUTATION sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST AFTER COMPUTATION ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND % COMPUTED VALUE voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE voe`z = vo`z AND % COMPUTED VALUE % ve`z = v`z AND % COMPUTED VALUE sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = % TEST AFTER COMPUTATION sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND hor_speed_gt_0?(ve) AND % TEST AFTER COMPUTATION v`z /= 0 AND % For theta TCC tpp = theta(1,s`z,v`z) AND % tau(s,ve) < tpp AND % TEST CONDITION % tpp < tr AND % TEST CONDITION Ax = sr`x + (tpp - tr)*ve`x AND % CALCULATION Ay = sr`y + (tpp - tr)*ve`y AND % CALCULATION B_x = (s`x+tpp*v`x) AND % CALCULATION B_y = (s`y+tpp*v`y) AND % CALCULATION sq(Ax) + sq(Ay) - sq(D) /= 0 AND % TEST CONDITION discr(sq(Ax) + sq(Ay) - sq(D), % TEST CONDITION 2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr, sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) >= 0 AND ( te = x1(sq(Ax) + sq(Ay) - sq(D), % COMPUTED VALUE 2*tr*(sq(D) - Ax*B_x - Ay*B_y), sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) OR te = x2(sq(Ax) + sq(Ay) - sq(D), 2*tr*(sq(D) - Ax*B_x - Ay*B_y), sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) ) AND te /= tr AND % POST COMPUTATION TEST vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE vr`y = (tr*v`y-te*ve`y)/(tr-te) AND % COMPUTED VALUE ve`z = v`z AND % COMPUTED VALUE vr`z = v`z AND % 
COMPUTED VALUE % (sr`x + (tpp - tr) * vr`x) * vr`x + % POST COMPUTATION TEST % (sr`y + (tpp - tr) * vr`y) * vr`y <= 0 entry?(sr+(tpp-tr)*vr,vr) IMPLIES separation?(s,ve) AND heading_only?(vo,voe) AND separation?(s+te*ve,vr) AND s + tr * v = s + te*ve + (tr-te)*vr root, root2: VAR bool cchd_pred(root, root2, s, sr, te, tr, v, ve, vi, vo, voe, vr): bool = ((vo-vi)`z /= 0 AND % TEST CONDITION v = vo - vi AND ve = voe - vi AND sr = s + tr*v AND LET thp = theta(-1,s`z,v`z) , % CALCULATION SSx = s`x - thp * vi`x , % CALCULATION SSy = s`y - thp * vi`y , % CALCULATION A = 4*sq(thp)*(sq(SSx) + sq(SSy)) , % CALCULATION E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D), B = 4*(s`x - thp*vi`x)*thp*E , % CALCULATION C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) IN exit?(s + thp * ve, ve) AND % TEST AFTER COMPUTATION A /= 0 AND % TEST AFTER COMPUTATION discr(A,B,C) >= 0 AND % TEST AFTER COMPUTATION sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST AFTER COMPUTATION voe`x = Pick_Root(root,A,B,C) AND % COMPUTED VALUE voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE voe`z = vo`z AND % COMPUTED VALUE sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = % TEST AFTER COMPUTATION sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND hor_speed_gt_0?(ve) AND % TEST AFTER COMPUTATION LET tpp = theta(1,s`z,v`z) , % CALCULATION Ax = sr`x + (tpp - tr)*ve`x , % CALCULATION Ay = sr`y + (tpp - tr)*ve`y , % CALCULATION B_x = (s`x+tpp*v`x) , % CALCULATION B_y = (s`y+tpp*v`y) , % CALCULATION a2 = sq(Ax) + sq(Ay) - sq(D), b2 = 2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr, c2 = sq(tr) * (sq(B_x) + sq(B_y) - sq(D)) IN a2 /= 0 AND % TEST CONDITION discr(a2, b2, c2) >= 0 AND % TEST CONDITION te = Pick_Root(root2,a2,b2,c2) AND % COMPUTED VALUE te /= tr AND % POST COMPUTATION TEST vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE vr`y = (tr*v`y-te*ve`y)/(tr-te) AND % COMPUTED VALUE ve`z = v`z AND % COMPUTED VALUE vr`z = v`z AND % COMPUTED VALUE 
entry?(sr+(tpp-tr)*vr,vr) ) % cchd_pred(root, root2, s, sr, te, tpp, tr, v, ve, vi, vo, voe, vr, % thp,SSx,SSy,A,B,C,E,Ax,Ay,B_x,B_y): bool = % v = vo - vi AND % ve = voe - vi AND % sr = s + tr*v AND % v`z /= 0 AND % TEST CONDITION % thp = theta(-1,s`z,v`z) AND % CALCULATION % SSx = s`x - thp * vi`x AND % CALCULATION % SSy = s`y - thp * vi`y AND % CALCULATION % A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND % CALCULATION % B = 4*(s`x - thp*vi`x)*thp*E AND % CALCULATION % C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND % E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) % + sq(thp)*sq(vo`y) - sq(D) AND % exit?(s + thp * ve, ve) AND % TEST AFTER COMPUTATION % A /= 0 AND % TEST AFTER COMPUTATION % discr(A,B,C) >= 0 AND % TEST AFTER COMPUTATION % sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST AFTER COMPUTATION % voe`x = Pick_Root(root,A,B,C) AND % COMPUTED VALUE % voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE % voe`z = vo`z AND % COMPUTED VALUE % sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = % TEST AFTER COMPUTATION % sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND % hor_speed_gt_0?(ve) AND % TEST AFTER COMPUTATION % v`z /= 0 AND % For theta TCC % tpp = theta(1,s`z,v`z) AND % Ax = sr`x + (tpp - tr)*ve`x AND % CALCULATION % Ay = sr`y + (tpp - tr)*ve`y AND % CALCULATION % B_x = (s`x+tpp*v`x) AND % CALCULATION % B_y = (s`y+tpp*v`y) AND % CALCULATION % sq(Ax) + sq(Ay) - sq(D) /= 0 AND % TEST CONDITION % discr(sq(Ax) + sq(Ay) - sq(D), % TEST CONDITION % 2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr, % sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) % >= 0 AND % te = Pick_Root(root2,sq(Ax) + sq(Ay) - sq(D), % COMPUTED VALUE % 2*tr*(sq(D) - Ax*B_x - Ay*B_y), % sq(tr)*(sq(B_x)+sq(B_y)-sq(D))) AND % te /= tr AND % POST COMPUTATION TEST % vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE % vr`y = (tr*v`y-te*ve`y)/(tr-te) AND % COMPUTED VALUE % ve`z = v`z AND % COMPUTED VALUE % vr`z = v`z AND % COMPUTED VALUE % entry?(sr+(tpp-tr)*vr,vr) cchd_pred: THEOREM 
cchd_pred(root,root2,s,sr,te,tr,v,ve,vi,vo,voe,vr) % cchd_pred(root,root2,s,sr,te,tpp,tr,v,ve,vi,vo,voe,vr, % thp,SSx,SSy,A,B,C,E,Ax,Ay,B_x,B_y) IMPLIES separation?(s,ve) AND heading_only?(vo,voe) AND separation?(s+te*ve,vr) AND s + tr * v = s + te*ve + (tr-te)*vr END circle_circle_hd_comb $$$circle_circle_hd_comb.prf (circle_circle_hd_comb (cchd_TCC1 0 (cchd_TCC1-1 nil 3287939635 3311415422 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 2311 2170 nil nil)) (cchd_TCC2 0 (cchd_TCC2-1 nil 3287939635 3311415427 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 5457 5190 nil nil)) (cchd_TCC3 0 (cchd_TCC3-1 nil 3287939635 3311415433 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 5228 4960 nil nil)) (cchd 0 (cchd-1 nil 3287939635 3311415458 ("" (skosimp*) (("" (split +) (("1" (lemma "circle_escape") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "cir_hd_only") (("2" (inst?) (("2" (inst -1 "ve!1" "voe!1") (("2" (assert) nil nil)) nil)) nil)) nil) ("3" (lemma "circle_recovery") (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("4" (lemma "basic_timeliness") (("4" (inst?) 
(("4" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (circle_escape formula-decl nil hd_only nil) (cir_hd_only formula-decl nil hd_only nil) (circle_recovery formula-decl nil hd_only nil) (basic_timeliness formula-decl nil timeliness nil)) 25683 24930 nil nil)) (cchd_pred_TCC1 0 (cchd_pred_TCC1-1 nil 3311094969 3311415458 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 143 100 t nil)) (cchd_pred_TCC2 0 (cchd_pred_TCC2-1 nil 3311094969 3311415461 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 2412 2260 t nil)) (cchd_pred_TCC3 0 (cchd_pred_TCC3-1 nil 3311340339 3311415646 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 15923 5950 t nil)) (cchd_pred 0 (cchd_pred-4 nil 3311333335 3311342022 ("" (skosimp*) (("" (lemma "cchd") (("" (inst?) (("" (assert :quant-simp? 
t) (("" (inst - "vi!1") (("" (name-replace "CONCL" " separation?(s!1, ve!1) AND heading_only?(vo!1, voe!1) AND separation?(s!1 + te!1 * ve!1, vr!1) AND s!1 + tr!1 * v!1 = s!1 + te!1 * ve!1 + (tr!1 - te!1) * vr!1") (("" (assert) (("" (hide 2) (("" (expand "cchd_pred") (("" (flatten) (("" (assert) (("" (expand "Pick_Root") (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (cchd_pred const-decl "bool" circle_circle_hd_comb nil) (Pick_Root const-decl "real" common_defs nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (heading_only? const-decl "bool" common_defs nil) (separation? const-decl "bool" criteria nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (cchd formula-decl nil circle_circle_hd_comb nil)) 1677526 107320 t nil) (cchd_pred-3 nil 3311095491 3311333307 ("" (skosimp*) (("" (lemma "cchd") (("" (inst?) (("" (assert :quant-simp? 
t) (("" (inst - "vi!1") (("" (name-replace "CONCL" " separation?(s!1, ve!1) AND heading_only?(vo!1, voe!1) AND separation?(s!1 + te!1 * ve!1, vr!1) AND s!1 + tr!1 * v!1 = s!1 + te!1 * ve!1 + (tr!1 - te!1) * vr!1") (("" (assert) (("" (hide 2) (("" (expand "cchd_pred") (("" (flatten) (("" (assert) (("" (expand "Pick_Root") (("" (case "root!1") (("1" (replace -4 * rl) (("1" (replace -5 * rl) (("1" (replace -6 * rl) (("1" (replace -7 * rl) (("1" (replace -8 * rl) (("1" (replace -11 * rl) (("1" (replace -19 * rl) (("1" (replace -20 * rl) (("1" (replace -21 * rl) (("1" (replace -22 * rl) (("1" (replace -23 * rl) (("1" (replace -28 * rl) (("1" (replace -29 * rl) (("1" (lift-if) (("1" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (postpone) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished nil 1103801 183060 t nil) (cchd_pred-2 nil 3311095120 3311095482 ("" (skosimp*) (("" (split +) (("1" (lemma "circle_escape") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (assert) nil))))))))))))) ("2" (lemma "cir_hd_only") (("2" (inst?) (("2" (inst -1 "ve!1" "voe!1") (("2" (assert) nil))))))) ("3" (lemma "circle_recovery") (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (assert) nil))))))))))))) ("4" (lemma "basic_timeliness") (("4" (inst?) 
(("4" (assert) nil)))))))) nil) unfinished nil 105788 57110 t nil) (cchd_pred-1 nil 3311094134 3311094503 ("" (postpone) nil nil) unfinished nil 369513 670 t shostak)))
$$$circle_line_hd_comb.pvs
% circle_line_hd_comb
%
% Combined statement for one heading-only case: every hypothesis on the
% escape velocity (ve, voe) and on the recovery velocity (vr) is collected
% into a single implication whose conclusions are
%   separation?(s, ve), separation?(s + te*ve, vr), heading_only?(vo, voe)
% and the position identity  s + tr*v = s + te*ve + (tr - te)*vr.
%
% The same hypotheses are stated twice:
%   clhd       - flat conjunction over the free variables declared below;
%   clhd_pred  - a bool-valued predicate that introduces the intermediate
%                quantities with LET and picks the quadratic root through
%                Pick_Root(root, A, B, C).
%
% The trailing tags (TEST, TEST CONDITION, CALCULATION, COMPUTED VALUE,
% TEST AFTER COMPUTATION) are the author's labels on each conjunct;
% presumably they record the role the conjunct plays in the implemented
% algorithm - confirm against the algorithm.
%
% NOTE(review): in the proof record that follows this theory in the dump,
% the entry for clhd carries status `unfinished`, while clhd_pred is
% `proved` by a script that starts from (lemma "clhd"). Re-run both proofs
% and check the proof chain before citing either result as established.
%
% NOTE(review): do not reorder, merge or drop conjuncts without re-running
% the proofs. The recorded scripts address hypotheses by position (for
% example clhd_pred_TCC3 uses (hide-all-but (-23 3))).
circle_line_hd_comb: THEORY
BEGIN

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3   % Ownship velocity
  voe : VAR Vect3   % Ownship escape velocity
  vi  : VAR Vect3   % Intruder velocity
  s   : VAR Vect3   % Relative position
  v   : VAR Vect3   % Relative velocity
  ve  : VAR Vect3   % Relative escape velocity
  vr  : VAR Vect3   % Relative recovery velocity
  se  : VAR Vect3   % Relative position at the end of the escape maneuver
                    % (declared here but not referenced in this theory)
  sr  : VAR Vect3   % Final relative position; the hypotheses below fix it
                    % as sr = s + tr*v, with tr the recovery time.
                    % NOTE(review): the inherited comment said "end of the
                    % escape maneuver" - confirm which was intended.
  tr  : VAR real    % Recovery time
  te  : VAR real    % Escape time
  eps : VAR Sign    % Sign argument passed to alpha_calc

  % Intermediate quantities of clhd; each is pinned by an equation in the
  % hypotheses rather than bound with LET.
  A,B,C,E,thp,SSx,SSy,alpha2: VAR real

  % clhd: hypotheses on the escape and recovery velocities imply the two
  % separation properties, the heading-only property and the position
  % identity. Guards are written to the left of the expression they
  % protect, so they are available when the corresponding
  % type-correctness condition is generated.
  clhd: THEOREM
    v = vo - vi AND
    ve = voe - vi AND
    sr = s + tr*v AND
    v`z /= 0 AND % TEST CONDITION
    thp = theta(-1,s`z,v`z) AND % CALCULATION
    SSx = s`x - thp * vi`x AND % CALCULATION
    SSy = s`y - thp * vi`y AND % CALCULATION
    % A, B, C are the coefficients handed to discr, x1 and x2 below.
    % SSx and SSy are used only in A; B, C and E repeat the same
    % expressions inline.
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND % CALCULATION
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x)
        + sq(thp)*sq(vo`y) - sq(D) AND
    exit?(s + thp * ve, ve) AND % TEST
    A /= 0 AND % TEST
    discr(A,B,C) >= 0 AND % TEST
    % Non-negativity of the radicand, stated before the sqrt that needs it.
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND % COMPUTED VALUE
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE
    voe`z = vo`z AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) =
    sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND
    hor_speed_gt_0?(vr) AND % TEST AFTER COMPUTATION
    % tr /= te guards the division by (tr-te) in vr`x below.
    tr /= te AND % TEST AFTER COMPUTATION
    sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND % TEST CONDITION
    sr`y /= 0 AND % TEST CONDITION
    alpha2 = alpha_calc(eps,sr) AND % COMPUTED VALUE
    % Non-zero denominator, stated before the quotient that defines te.
    ve`y-alpha2*ve`x /= 0 AND % TEST AFTER COMPUTATION
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND % COMPUTED VALUE
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE
    vr`y = alpha2*vr`x AND % COMPUTED VALUE
    % NOTE(review): ve`z = v`z already appears above; the repetition is
    % kept so that hypothesis positions stay as the proof scripts expect.
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z % COMPUTED VALUE
  IMPLIES
    separation?(s,ve) AND
    separation?(s+te*ve,vr) AND
    heading_only?(vo,voe) AND
    s + tr * v = s + te*ve + (tr-te)*vr

  % Flag handed to Pick_Root; presumably it selects between the x1 and x2
  % roots that clhd states as a disjunction - confirm in common_defs.
  root: VAR bool

  % clhd_pred: the hypotheses of clhd as a predicate. thp, SSx, SSy, E, A,
  % B, C and alpha2 are LET-bound instead of being parameters, so callers
  % supply only eps, the positions, the velocities, the two times and root.
  clhd_pred(eps, s, sr, v, ve, te, tr, vi, vo, voe, vr, root): bool =
    v = vo - vi AND
    ve = voe - vi AND
    sr = s + tr*v AND
    v`z /= 0 AND % TEST CONDITION
    % E is bound ahead of B and C because both refer to it.
    LET thp = theta(-1,s`z,v`z) , % CALCULATION
        SSx = s`x - thp * vi`x , % CALCULATION
        SSy = s`y - thp * vi`y , % CALCULATION
        E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x)
            + sq(thp)*sq(vo`y) - sq(D) ,
        A = 4*sq(thp)*(sq(SSx) + sq(SSy)) , % CALCULATION
        B = 4*(s`x - thp*vi`x)*thp*E ,
        C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y))
    IN
    exit?(s + thp * ve, ve) AND % TEST
    A /= 0 AND % TEST
    discr(A,B,C) >= 0 AND % TEST
    % Non-negativity of the radicand, stated before the sqrt that needs it.
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND % TEST
    voe`x = Pick_Root(root,A,B,C) AND % COMPUTED VALUE
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND % COMPUTED VALUE
    voe`z = vo`z AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) =
    sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND
    hor_speed_gt_0?(vr) AND % TEST AFTER COMPUTATION
    % tr /= te guards the division by (tr-te) in vr`x below.
    tr /= te AND % TEST AFTER COMPUTATION
    sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND % TEST CONDITION
    sr`y /= 0 AND % TEST CONDITION
    LET alpha2 = alpha_calc(eps,sr) IN % COMPUTED VALUE
    % Non-zero denominator, stated before the quotient that defines te.
    ve`y-alpha2*ve`x /= 0 AND % TEST AFTER COMPUTATION
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND % COMPUTED VALUE
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE
    vr`y = alpha2*vr`x AND % COMPUTED VALUE
    % NOTE(review): second occurrence of ve`z = v`z, as in clhd.
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z % COMPUTED VALUE

  % clhd_pred (lemma): the predicate implies the same four conclusions as
  % clhd. The recorded proof reduces it to clhd, so it is only as sound as
  % that theorem's proof.
  clhd_pred: LEMMA
    clhd_pred(eps,s,sr,v,ve,te,tr,vi,vo,voe,vr,root)
  IMPLIES
    separation?(s,ve) AND
    separation?(s+te*ve,vr) AND
    heading_only?(vo,voe) AND
    s + tr * v = s + te*ve + (tr-te)*vr

END circle_line_hd_comb
$$$circle_line_hd_comb.prf
(circle_line_hd_comb (clhd_TCC1 0 (clhd_TCC1-1 nil 3287939634 3311589899 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 3607 1880 t nil)) (clhd_TCC2 0 (clhd_TCC2-1 nil 3287939634 3311589952 ("" (skosimp*) (("" (assert) (("" (ground) (("1" (expand "sq" -1) (("1" (assert) nil nil)) nil) ("2" (expand "sq" -1) (("2" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((sq const-decl "nonneg_real" sq "reals/")) 40901 11000 t nil)) (clhd_TCC3 0 (clhd_TCC3-1 nil 3287939634 3311589964 ("" (skosimp*) (("" (assert) (("" (assert) nil nil)) nil)) nil) proved nil 6776 5090 t nil)) (clhd 0 (clhd-1 nil 3287939634 3288112695 ("" (skosimp*) (("" (split +) (("1" (lemma "circle_escape") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "line_recovery") (("2" (inst?) (("2" (inst?) (("2" (inst?) (("2" (assert) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("3" (lemma "cir_hd_only") (("3" (inst?) (("3" (inst -1 "ve!1" "voe!1") (("3" (assert) nil nil)) nil)) nil)) nil) ("4" (lemma "alpha_timeliness") (("4" (inst?) (("4" (inst?) 
(("4" (assert) (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) unfinished ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (circle_escape formula-decl nil hd_only nil) (line_recovery formula-decl nil hd_only nil) (cir_hd_only formula-decl nil hd_only nil) (alpha_timeliness formula-decl nil timeliness nil)) 52604 15810 t nil)) (clhd_pred_TCC1 0 (clhd_pred_TCC1-1 nil 3311589003 3311589976 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 6204 1900 t nil)) (clhd_pred_TCC2 0 (clhd_pred_TCC2-1 nil 3311589003 3311590021 ("" (skosimp*) (("" (assert) (("" (hide -) (("" (ground) (("" (expand "sq" -1) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((sq const-decl "nonneg_real" sq "reals/")) 39038 7220 t nil)) (clhd_pred_TCC3 0 (clhd_pred_TCC3-1 nil 3311589003 3311590105 ("" (skosimp*) (("" (assert) (("" (hide-all-but (-23 3)) (("" (assert) nil nil)) nil)) nil)) nil) proved nil 78001 7480 t nil)) (clhd_pred 0 (clhd_pred-1 nil 3311589008 3311589877 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (auto-rewrite "member") (("" (lemma "clhd") (("" (assert :quant-simp? 
t) (("" (inst - "eps!1" "s!1" "tr!1" "vi!1" "vo!1" "voe!1" "vr!1") (("" (case-replace "(vo!1 - vi!1) = v!1") (("1" (case-replace "(voe!1 - vi!1) = ve!1") (("1" (case-replace "(tr!1 * v!1`y - alpha_calc(eps!1, s!1 + tr!1 * v!1) * tr!1 * v!1`x) / (ve!1`y - alpha_calc(eps!1, s!1 + tr!1 * v!1) * ve!1`x) = te!1") (("1" (name-replace "CCCCCCCCC" "separation?(s!1, ve!1) AND separation?(s!1 + te!1 * ve!1, vr!1) AND heading_only?(vo!1, voe!1) AND s!1 + tr!1 * v!1 = s!1 + te!1 * ve!1 + (tr!1 - te!1) * vr!1") (("1" (assert) (("1" (hide 2) (("1" (expand "clhd_pred") (("1" (flatten) (("1" (expand "Pick_Root") (("1" (lift-if) (("1" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -3 2) (("2" (expand "clhd_pred") (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil) ("3" (hide -3 2) (("3" (expand "clhd_pred") (("3" (flatten) (("3" (assert) nil nil)) nil)) nil)) nil) ("4" (hide -3 2) (("4" (expand "clhd_pred") (("4" (flatten) (("4" (assert) (("4" (replace -5 * rl) (("4" (ground) (("4" (expand "sq" -1) (("4" (mult-cases -2) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -2 2) (("2" (expand "clhd_pred") (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (hide -1 2) (("2" (expand "clhd_pred") (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((clhd formula-decl nil circle_line_hd_comb nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil 
booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (zero_times3 formula-decl nil real_props nil) (heading_only? const-decl "bool" common_defs nil) (separation? const-decl "bool" criteria nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (Pick_Root const-decl "real" common_defs nil) (clhd_pred const-decl "bool" circle_line_hd_comb nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (alpha_calc const-decl "real" hd_only nil) (alpha_type type-eq-decl nil hd_only nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (- const-decl "Vect3" Vectors nil)) 869620 294350 t shostak)))
$$$line_circle_hd_comb.pvs
line_circle_hd_comb: THEORY
BEGIN

%----------------------------------------------------------------------------
% NOTE: escape lemmas same as line_line_hd
%----------------------------------------------------------------------------
%
% Two statements of the same result:
%   lchd       - THEOREM with every hypothesis written out as a conjunct.
%   lchd_pred  - the same hypotheses packaged as a boolean predicate, with
%                Pick_Root(root, ...) / Pick_Root(root2, ...) in place of
%                the "x1 OR x2" disjunctions, plus a THEOREM over it.
% Both conclude: separation along the escape leg, separation along the
% recovery leg, heading_only?(vo,voe), and the timeliness equation
%   s + tr * v = s + te*ve + (tr-te)*vr.
%
% NOTE(review): tr and te are declared as plain reals here, and the
% ordering tests (tau(s,ve) < tpp, tpp < tr) are commented out below, so
% they are not hypotheses of lchd or lchd_pred as written.  Unless the
% remaining hypotheses imply it, nothing stated here requires
% 0 < te < tr; confirm that the calling algorithm checks the ordering
% before treating te as a usable escape time.

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3  % Ownship velocity
  voe : VAR Vect3  % Ownship Escape velocity
  vi  : VAR Vect3  % Intruder velocity
  s   : VAR Vect3  % Relative position
  v   : VAR Vect3  % Relative velocity
  ve  : VAR Vect3  % Relative escape velocity
  vr  : VAR Vect3  % Relative recovery velocity
  se  : VAR Vect3  % Relative position at the end of the escape maneuver
  sr  : VAR Vect3  % Relative position at the end of the escape maneuver,
                   % which is also the final position
                   % NOTE(review): the theorems below fix sr = s + tr*v,
                   % i.e. the position at time tr; "escape" in this comment
                   % looks copied from se - confirm the intended wording.
  tr  : VAR real   % Recovery time
  te  : VAR real   % Escape time
  eps : VAR Sign
  alpha, tpp, Ax, Ay, B_x, B_y: VAR real

  % lchd: explicit-hypothesis form.  The bundled proof script splits the
  % conclusion into its four conjuncts and closes them with the lemmas
  % line_escape, circle_recovery, line_esc_hd_only and basic_timeliness.
  lchd: THEOREM
    ve = voe - vi AND
    v = vo - vi AND
    sr = s + tr*v AND
    sq(s`x) + sq(s`y) > sq(D) AND                      % TEST CONDITION
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND       % TEST CONDITION
    hor_speed_gt_0?(ve) AND                            % TEST AFTER COMPUTATION
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y),      % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    alpha = alpha_calc(eps,s) AND                      % COMPUTED VALUE
    (ve`x = x1(1+sq(alpha),                            % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha),
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x AND                              % COMPUTED VALUE
    ve`z = v`z AND
    v`z /= 0 AND                                       % For theta TCC
    tpp = theta(1,s`z,v`z) AND
%   tau(s,ve) < tpp AND                                % TEST CONDITION
%   tpp < tr AND                                       % TEST CONDITION
    Ax = sr`x + (tpp - tr)*ve`x AND                    % CALCULATION
    Ay = sr`y + (tpp - tr)*ve`y AND                    % CALCULATION
    B_x = (s`x+tpp*v`x) AND                            % CALCULATION
    B_y = (s`y+tpp*v`y) AND                            % CALCULATION
    % The next test excludes a zero first argument to discr/x1/x2 below
    % (presumably the leading quadratic coefficient - confirm in reals/).
    sq(Ax) + sq(Ay) - sq(D) /= 0 AND                   % TEST CONDITION
    discr(sq(Ax) + sq(Ay) - sq(D),                     % TEST CONDITION
          2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr,
          sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) >= 0 AND
    ( te = x1(sq(Ax) + sq(Ay) - sq(D),                 % COMPUTED VALUE
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) OR
      te = x2(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) ) AND
    % te /= tr keeps the divisor (tr-te) in the vr components non-zero.
    te /= tr AND                                       % POST COMPUTATION TEST
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND                % COMPUTED VALUE
    vr`y = (tr*v`y-te*ve`y)/(tr-te) AND                % COMPUTED VALUE
    % ve`z = v`z is repeated here; it already appears above.
    ve`z = v`z AND                                     % COMPUTED VALUE
    vr`z = v`z AND                                     % COMPUTED VALUE
%   (sr`x + (tpp - tr) * vr`x) * vr`x +                % POST COMPUTATION TEST
%   (sr`y + (tpp - tr) * vr`y) * vr`y <= 0
    entry?(sr+(tpp-tr)*vr,vr)
  IMPLIES
    separation?(s,ve) AND
    separation?(s+te*ve,vr) AND
    heading_only?(vo,voe) AND
    s + tr * v = s + te*ve + (tr-te)*vr

  % Flags passed to Pick_Root (defined in common_defs, not shown here):
  % root selects the root used for ve`x, root2 the root used for te.
  root, root2: VAR bool

  % lchd_pred: predicate form of the hypotheses of lchd.  ve, v, sr, alpha,
  % tpp, Ax, Ay, B_x and B_y are introduced by LET instead of being
  % constrained by equations, so they are no longer free variables.
  lchd_pred(eps, root, root2, s, te, tr, vi, vo, voe, vr): bool =
    LET ve = voe - vi,
        v = vo - vi IN
    ( sq(s`x) + sq(s`y) > sq(D) AND                    % TEST CONDITION
      sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND     % TEST CONDITION
      v`z /= 0 AND                                     % For theta TCC
      LET sr = s + tr*v,
          alpha = alpha_calc(eps,s),
          tpp = theta(1,s`z,v`z),
          Ax = sr`x + (tpp - tr)*ve`x,
          Ay = sr`y + (tpp - tr)*ve`y,
          B_x = (s`x+tpp*v`x),
          B_y = (s`y+tpp*v`y) IN
      hor_speed_gt_0?(ve) AND                          % TEST AFTER COMPUTATION
      discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y),    % TEST CONDITION
            sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
      (ve`x = Pick_Root(root, 1+sq(alpha),             % COMPUTED VALUE
                        2*(vi`x+alpha*vi`y),
                        sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
      ve`y = alpha*ve`x AND                            % COMPUTED VALUE
      ve`z = v`z AND
%     tau(s,ve) < tpp AND                              % TEST CONDITION
%     tpp < tr AND                                     % TEST CONDITION
      sq(Ax) + sq(Ay) - sq(D) /= 0 AND                 % TEST CONDITION
      discr(sq(Ax) + sq(Ay) - sq(D),                   % TEST CONDITION
            2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr,
            sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) >= 0 AND
      te = Pick_Root(root2, sq(Ax) + sq(Ay) - sq(D),   % COMPUTED VALUE
                     2*tr*(sq(D) - Ax*B_x - Ay*B_y),
                     sq(tr)*(sq(B_x)+sq(B_y)-sq(D))) AND
      % te /= tr keeps the divisor (tr-te) in the vr components non-zero.
      te /= tr AND                                     % POST COMPUTATION TEST
      vr`x = (tr*v`x-te*ve`x)/(tr-te) AND              % COMPUTED VALUE
      vr`y = (tr*v`y-te*ve`y)/(tr-te) AND              % COMPUTED VALUE
      ve`z = v`z AND                                   % COMPUTED VALUE
      vr`z = v`z AND                                   % COMPUTED VALUE
%     (sr`x + (tpp - tr) * vr`x) * vr`x +              % POST COMPUTATION TEST
%     (sr`y + (tpp - tr) * vr`y) * vr`y <= 0
      entry?(sr+(tpp-tr)*vr,vr)
    )

  % lchd_pred (THEOREM): the predicate above implies the same four-part
  % conclusion as lchd.  The bundled proof script derives it from lchd by
  % expanding lchd_pred and Pick_Root.
  % NOTE(review): the bundled line_circle_hd_comb.prf records the proof of
  % this theorem with status "unchecked", while lchd itself is "proved";
  % re-run the proof before relying on the predicate form.
  lchd_pred: THEOREM
    LET v = (vo - vi),
        ve = voe - vi IN
    lchd_pred(eps, root, root2, s, te, tr, vi, vo, voe, vr)
  IMPLIES
    separation?(s,ve) AND
    separation?(s+te*ve,vr) AND
    heading_only?(vo,voe) AND
    s + tr * v = s + te*ve + (tr-te)*vr

END line_circle_hd_comb
$$$line_circle_hd_comb.prf
(line_circle_hd_comb (lchd_TCC1 0 (lchd_TCC1-1 nil 3287939635 3311518375 ("" (skosimp*) (("" (assert) (("" 
(ground) (("" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 847 770 nil nil)) (lchd_TCC2 0 (lchd_TCC2-1 nil 3287939635 3311518375 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 518 470 nil nil)) (lchd_TCC3 0 (lchd_TCC3-1 nil 3287939635 3311518377 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1651 1570 nil nil)) (lchd_TCC4 0 (lchd_TCC4-1 nil 3287939635 3311518378 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1500 1470 nil nil)) (lchd 0 (lchd-1 nil 3287939635 3311518388 ("" (skosimp*) (("" (split +) (("1" (lemma "line_escape") (("1" (inst?) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (lemma "circle_recovery") (("2" (inst?) (("2" (inst?) (("2" (inst?) (("2" (inst?) (("2" (inst?) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("3" (lemma "line_esc_hd_only") (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (assert) nil nil)) nil)) nil)) nil)) nil) ("4" (lemma "basic_timeliness") (("4" (inst?) 
(("4" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (line_escape formula-decl nil hd_only nil) (circle_recovery formula-decl nil hd_only nil) (line_esc_hd_only formula-decl nil hd_only nil) (basic_timeliness formula-decl nil timeliness nil)) 9561 9310 nil nil)) (lchd_pred_TCC1 0 (lchd_pred_TCC1-1 nil 3311518367 3311518639 ("" (skosimp*) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 24060 1480 t nil)) (lchd_pred_TCC2 0 (lchd_pred_TCC2-1 nil 3311518367 3311518786 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 7833 2940 t nil)) (lchd_pred 0 (lchd_pred-1 nil 3311085670 3311442073 ("" (skosimp*) (("" (lemma 
"lchd") (("" (assert :quant-simp? t) (("" (inst - "eps!1" "s!1" "te!1" "tr!1" "vi!1" "vo!1" "voe!1" "vr!1") (("" (name-replace "CCCCCC" "separation?(s!1, voe!1 - vi!1) AND separation?(s!1 + te!1 * (voe!1 - vi!1), vr!1) AND heading_only?(vo!1, voe!1) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + te!1 * (voe!1 - vi!1) + (tr!1 - te!1) * vr!1 ") (("" (flatten) (("" (assert) (("" (hide 2) (("" (expand "lchd_pred") (("" (expand "Pick_Root") (("" (lift-if) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((lchd formula-decl nil line_circle_hd_comb nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (Pick_Root const-decl "real" common_defs nil) (lchd_pred const-decl "bool" line_circle_hd_comb nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (heading_only? const-decl "bool" common_defs nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) nil (separation? 
const-decl "bool" criteria nil) (AND const-decl "[bool, bool -> bool]" booleans nil)) 664015 239090 t shostak)))
$$$line_line_hd_comb.pvs
line_line_hd_comb: THEORY
BEGIN

% Two statements of the same result:
%   llhd       - THEOREM with every hypothesis written out as a conjunct.
%   llhd_pred  - the same hypotheses packaged as a boolean predicate, with
%                Pick_Root(root, ...) in place of the "x1 OR x2"
%                disjunction, plus a LEMMA over it.
% Both conclude: separation along the escape leg, separation along the
% recovery leg, heading_only?(vo,voe), and the timeliness equation
%   s + tr * v = s + te*ve + (tr-te)*vr.
%
% NOTE(review): tr and te are declared as plain reals and no hypothesis
% below orders them beyond tr /= te.  Unless the remaining hypotheses
% imply it, nothing stated here requires 0 < te < tr; confirm that the
% calling algorithm checks the ordering.

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3  % Ownship velocity
  voe : VAR Vect3  % Ownship Escape velocity
  vi  : VAR Vect3  % Intruder velocity
  s   : VAR Vect3  % Relative position
  v   : VAR Vect3  % Relative velocity
  ve  : VAR Vect3  % Relative escape velocity
  vr  : VAR Vect3  % Relative recovery velocity
  se  : VAR Vect3  % Relative position at the end of the escape maneuver
  sr  : VAR Vect3  % Relative position at the end of the escape maneuver,
                   % which is also the final position
                   % NOTE(review): the theorems below fix sr = s + tr*v,
                   % i.e. the position at time tr; "escape" in this comment
                   % looks copied from se - confirm the intended wording.
  tr  : VAR real   % Recovery time
  te  : VAR real   % Escape time
  eps : VAR Sign

%% SOLUTIONS THAT RESULT IN ve`x = 0
%% (no declarations follow this heading in this theory)

%% ESCAPE SOLUTIONS THAT RESULT IN ve`x /= 0

  alpha, alpha2: VAR real
  root: VAR bool   % flag passed to Pick_Root (defined in common_defs)

  % llhd: explicit-hypothesis form.  The bundled proof script splits the
  % conclusion into its four conjuncts and closes them with the lemmas
  % line_escape, line_recovery, line_esc_hd_only and alpha_timeliness.
  llhd: THEOREM
    ve = voe - vi AND
    v = vo - vi AND
    sr = s + tr*v AND
    sq(s`x) + sq(s`y) > sq(D) AND                      % TEST CONDITION
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND       % TEST CONDITION
    hor_speed_gt_0?(ve) AND                            % TEST AFTER COMPUTATION
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y),      % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    alpha = alpha_calc(eps,s) AND                      % COMPUTED VALUE
    (ve`x = x1(1+sq(alpha),                            % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha),
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x AND                              % COMPUTED VALUE
    hor_speed_gt_0?(vr) AND                            % TEST AFTER COMPUTATION
    % tr /= te keeps the divisor (tr-te) in vr`x non-zero.
    tr /= te AND                                       % TEST AFTER COMPUTATION
    sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND               % TEST CONDITION
    sr`y /= 0 AND                                      % TEST CONDITION
    alpha2 = alpha_calc(eps,sr) AND                    % COMPUTED VALUE
    % The next test keeps the divisor in the te formula non-zero.
    ve`y-alpha2*ve`x /= 0 AND                          % TEST AFTER COMPUTATION
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND    % COMPUTED VALUE
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND                % COMPUTED VALUE
    vr`y = alpha2*vr`x AND                             % COMPUTED VALUE
    ve`z = v`z AND                                     % COMPUTED VALUE
    vr`z = v`z                                         % COMPUTED VALUE
  IMPLIES
    separation?(s,ve) AND
    separation?(s+te*ve,vr) AND
    heading_only?(vo,voe) AND
    s + tr * v = s + te*ve + (tr-te)*vr

  % llhd_pred: predicate form of the hypotheses of llhd.  ve, v, sr, alpha
  % and alpha2 are introduced by LET instead of being constrained by
  % equations, so they are no longer free variables.
  llhd_pred(eps, root, s, te, tr, vi, vo, voe, vr): bool =
    LET ve = voe - vi ,
        v = vo - vi ,
        sr = s + tr*v IN
    sq(s`x) + sq(s`y) > sq(D) AND                      % TEST CONDITION
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND       % TEST CONDITION
    hor_speed_gt_0?(ve) AND                            % TEST AFTER COMPUTATION
    LET alpha = alpha_calc(eps,s) IN                   % COMPUTED VALUE
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y),      % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    ve`x = Pick_Root(root,1+sq(alpha),                 % COMPUTED VALUE
                     2*(vi`x+alpha*vi`y),
                     sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) AND
    ve`y = alpha*ve`x AND                              % COMPUTED VALUE
    hor_speed_gt_0?(vr) AND                            % TEST AFTER COMPUTATION
    tr /= te AND                                       % TEST AFTER COMPUTATION
    sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND               % TEST CONDITION
    sr`y /= 0 AND                                      % TEST CONDITION
    LET alpha2 = alpha_calc(eps,sr) IN                 % COMPUTED VALUE
    ve`y-alpha2*ve`x /= 0 AND                          % TEST AFTER COMPUTATION
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND    % COMPUTED VALUE
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND                % COMPUTED VALUE
    vr`y = alpha2*vr`x AND                             % COMPUTED VALUE
    ve`z = v`z AND                                     % COMPUTED VALUE
    vr`z = v`z                                         % COMPUTED VALUE

  % llhd_pred (LEMMA): the predicate above implies the same four-part
  % conclusion as llhd.  The bundled .prf holds two scripts for it:
  % llhd_pred-2 (status "proved") and an older llhd_pred-1 ("unchecked").
  llhd_pred: LEMMA
    LET v = (vo - vi),
        ve = voe - vi IN
    llhd_pred(eps, root, s, te, tr, vi, vo, voe, vr)
  IMPLIES
    separation?(s,ve) AND
    separation?(s+te*ve,vr) AND
    heading_only?(vo,voe) AND
    s + tr * v = s + te*ve + (tr-te)*vr

END line_line_hd_comb
$$$line_line_hd_comb.prf
(line_line_hd_comb (llhd_TCC1 0 (llhd_TCC1-1 nil 3287939635 3311612592 ("" (skosimp*) (("" (ground) (("" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((sq const-decl "nonneg_real" sq "reals/") (zero_times3 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) 
(real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil)) 914 870 nil nil)) (llhd_TCC2 0 (llhd_TCC2-1 nil 3287939635 3311612593 ("" (skosimp*) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil) proved nil 592 540 t nil)) (llhd_TCC3 0 (llhd_TCC3-1 nil 3287939635 3311612704 ("" (skosimp*) (("" (assert) (("" (ground) (("1" (expand "sq") (("1" (mult-cases -2) nil nil)) nil) ("2" (expand "sq") (("2" (mult-cases -2) nil nil)) nil)) nil)) nil)) nil) proved ((sq const-decl "nonneg_real" sq "reals/") (zero_times3 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil)) 43614 4960 t nil)) (llhd_TCC4 0 (llhd_TCC4-1 nil 3311612483 3311612612 ("" (subtype-tcc) nil nil) proved ((Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean 
nonempty-type-decl nil booleans nil) (- const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (hor_speed_gt_0? const-decl "bool" criteria nil) (discr const-decl "real" quadratic "reals/") (root const-decl "real" quadratic "reals/") (/= const-decl "boolean" notequal nil)) 17827 17150 nil nil)) (llhd 0 (llhd-1 nil 3287939635 3311612626 ("" (skosimp*) (("" (split +) (("1" (lemma "line_escape") (("1" (inst?) (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (lemma "line_recovery") (("2" (inst?) (("2" (inst?) (("2" (inst - "eps!1" "sr!1") (("2" (assert) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("3" (lemma "line_esc_hd_only") (("3" (inst?) (("3" (inst?) (("3" (inst?) (("3" (assert) nil nil)) nil)) nil)) nil)) nil) ("4" (lemma "alpha_timeliness") (("4" (inst?) (("4" (inst?) (("4" (assert) (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (line_escape formula-decl nil hd_only nil) (line_recovery formula-decl nil hd_only nil) (line_esc_hd_only formula-decl nil hd_only nil) 
(alpha_timeliness formula-decl nil timeliness nil)) 14369 14130 t nil)) (llhd_pred_TCC1 0 (llhd_pred_TCC1-1 nil 3311611547 3311612627 ("" (skosimp*) (("" (assert) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil)) nil) proved ((sq const-decl "nonneg_real" sq "reals/") (zero_times3 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil)) 639 610 t nil)) (llhd_pred_TCC2 0 (llhd_pred_TCC2-1 nil 3311612483 3311612723 ("" (skosimp*) (("" (assert) (("" (ground) (("" (expand "sq") (("" (mult-cases -2) nil nil)) nil)) nil)) nil)) nil) proved ((sq const-decl "nonneg_real" sq "reals/") (zero_times3 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil)) 12955 2300 t nil)) (llhd_pred_TCC3 0 (llhd_pred_TCC3-1 nil 3311612483 3311612753 ("" (skosimp*) (("" (assert) (("" (assert) nil nil)) nil)) nil) proved nil 26275 1750 t nil)) (llhd_pred 0 (llhd_pred-2 nil 3311612509 3311612589 ("" (skosimp*) (("" (auto-rewrite "emptyset") (("" (lemma "llhd") (("" (inst?) (("" (assert :quant-simp? t) (("" (inst?) 
(("" (assert) (("" (flatten) (("" (name-replace "CCCC" "separation?(s!1, voe!1 - vi!1) AND separation?(s!1 + te!1 * (voe!1 - vi!1), vr!1) AND heading_only?(vo!1, voe!1) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + te!1 * (voe!1 - vi!1) + (tr!1 - te!1) * vr!1") (("" (assert) (("" (expand "llhd_pred") (("" (flatten) (("" (expand "Pick_Root") (("" (assert) (("" (expand "-") (("" (assert) (("" (lift-if) (("" (inst - "eps!1") (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((llhd formula-decl nil line_line_hd_comb nil) (= const-decl "[T, T -> boolean]" equalities nil) (bool nonempty-type-eq-decl nil booleans nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (separation? const-decl "bool" criteria nil) (- const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (heading_only? const-decl "bool" common_defs nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (llhd_pred const-decl "bool" line_line_hd_comb nil) (Pick_Root const-decl "real" common_defs nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 78474 22600 t nil) (llhd_pred-1 nil 3311611554 3311612297 ("" (skosimp*) (("" (auto-rewrite 
"emptyset") (("" (lemma "llhd") (("" (inst?) (("" (assert :quant-simp? t) (("" (inst?) (("" (inst - "eps!1" "root!1") (("" (assert) (("" (flatten) (("" (name-replace "CCCC" "separation?(s!1, voe!1 - vi!1) AND separation?(s!1 + te!1 * (voe!1 - vi!1), vr!1) AND heading_only?(vo!1, voe!1) AND s!1 + tr!1 * (vo!1 - vi!1) = s!1 + te!1 * (voe!1 - vi!1) + (tr!1 - te!1) * vr!1") (("" (assert) (("" (expand "llhd_pred") (("" (flatten) (("" (assert) (("" (expand "-") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (separation? const-decl "bool" criteria nil) nil (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (heading_only? 
const-decl "bool" common_defs nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (llhd_pred const-decl "bool" line_line_hd_comb nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (llhd formula-decl nil line_line_hd_comb nil)) 160689 20020 t shostak)))
$$$out_circle_hd.pvs
out_circle_hd: THEORY
BEGIN

% Three separate theorems for the case built on thp = theta(-1,s`z,v`z):
%   ochd_escape   - separation?(s,ve) for the escape leg,
%   ochd_hd_only  - heading_only?(vo,voe),
%   ochd_recovery - separation?(s+te*ve,vr) for the recovery leg.
% The bundled proof scripts apply the lemmas circle_escape, cir_hd_only
% and out_circle_recovery respectively.
%
% NOTE(review): every proof recorded for this theory in the bundled
% out_circle_hd.prf has status "unchecked" and no run timestamp; re-run
% them before relying on these theorems.
% NOTE(review): unlike the line_line and line_circle theories, no theorem
% here states the timeliness equation s + tr*v = s + te*ve + (tr-te)*vr.

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3  % Ownship velocity
  voe : VAR Vect3  % Ownship escape velocity
  vor : VAR Vect3  % Ownship recovery velocity
  vi  : VAR Vect3  % Intruder velocity
  s   : VAR Vect3  % Relative position
  v   : VAR Vect3  % Relative velocity
  ve  : VAR Vect3  % Relative escape velocity
  vr  : VAR Vect3  % Relative recovery velocity
  se  : VAR Vect3  % Relative position at the end of the escape maneuver
  sr  : VAR Vect3  % Relative position at the end of the escape maneuver,
                   % which is also the final position
                   % NOTE(review): ochd_recovery fixes sr = s + tr*v, i.e.
                   % the position at time tr; "escape" in this comment
                   % looks copied from se - confirm the intended wording.
  tr  : VAR real   % Recovery time
  te  : VAR real   % Escape time
  eps : VAR Sign
  A,B,C,E,thp,SSx,SSy: VAR real

% NOTE: same as circle_line

  % ochd_escape: A, B, C are the arguments handed to discr/x1/x2 and E is a
  % shared sub-expression; all four are pinned by equations, and E is used
  % in B and C before the conjunct that defines it (order is irrelevant in
  % a conjunction).
  ochd_escape: THEOREM
    v`z /= 0 AND
    thp = theta(-1,s`z,v`z) AND
    SSx = s`x - thp * vi`x AND
    SSy = s`y - thp * vi`y AND
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) +
        sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
    exit?(s + thp * ve, ve) AND                        % TEST
    A /= 0 AND                                         % TEST AFTER COMPUTATION
    discr(A,B,C) >= 0 AND
    % The next test keeps the sqrt argument in voe`y non-negative.
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi AND
    ve`z = v`z AND                                     % COMPUTED VALUE
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) =
      sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x)
  IMPLIES
    separation?(s,ve)

  % ochd_hd_only: the sqrt construction of voe`y with voe`z = vo`z gives
  % heading_only?(vo,voe).  v and ve are constrained but do not occur in
  % the conclusion.
  ochd_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi
  IMPLIES
    heading_only?(vo,voe)

  % ochd_recovery: recovery-leg separation starting from s + te*ve with
  % te = thp.
  % NOTE(review): the ordering tests 0 < thp and thp < tr are commented out
  % below, so they are not hypotheses of this theorem as written; confirm
  % that the calling algorithm checks them.  This theorem also has no
  % v = vo - vi hypothesis, unlike ochd_escape - confirm that is intended.
  ochd_recovery: THEOREM
    v`z /= 0 AND
    thp = theta(-1,s`z,v`z) AND
    SSx = s`x - thp * vi`x AND
    SSy = s`y - thp * vi`y AND
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y-thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y-thp*vi`y) +
        sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
    A /= 0 AND                                         % TEST AFTER COMPUTATION
    sr = s + tr*v AND
    discr(A,B,C) >= 0 AND
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) =
      sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND
    ve = voe - vi AND
    ve`z = v`z AND                                     % COMPUTED VALUE
    te = thp AND
%   0 < thp AND
%   thp < tr AND
    exit?(s + thp * ve, vr) AND                        % TEST
    vr`z = v`z
  IMPLIES
    separation?(s+te*ve,vr)

END out_circle_hd
$$$out_circle_hd.prf
(out_circle_hd (ochd_escape_TCC1 0 (ochd_escape_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (ochd_escape 0 (ochd_escape-1 nil 3287939633 nil ("" (skosimp*) (("" (lemma "circle_escape") (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (ochd_hd_only_TCC1 0 (ochd_hd_only_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (ochd_hd_only 0 (ochd_hd_only-1 nil 3287939633 nil ("" (skosimp*) (("" (lemma "cir_hd_only") (("" (inst?) 
(("" (inst -1 "ve!1" "voe!1") (("" (assert) nil nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (ochd_recovery 0 (ochd_recovery-1 nil 3287939633 nil ("" (skosimp*) (("" (lemma "out_circle_recovery") (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)))
$$$in_circle_hd.pvs
in_circle_hd: THEORY
BEGIN

% Four separate theorems for the case built on thpp = theta(1,s`z,v`z):
%   ichd_escape     - separation?(s,ve) for the escape leg,
%   ichd_hd_only    - heading_only?(vo,voe),
%   ichd_recovery   - separation_pos?(s+te*ve,vr) for the recovery leg,
%   ichd_timeliness - s + tr * v = s + te*ve + (tr-te)*vr.
% The bundled proof scripts apply the lemmas circle_escape, cir_hd_only,
% in_circle_recovery and vor_timeliness respectively.
%
% NOTE(review): tr and te are declared as plain reals and the only
% relation stated between them is te /= tr (in ichd_timeliness).  Unless
% the remaining hypotheses imply it, nothing stated here requires
% 0 < te < tr; confirm that the calling algorithm checks the ordering.

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3  % Ownship velocity
  voe : VAR Vect3  % Ownship escape velocity
  vor : VAR Vect3  % Ownship recovery velocity
  vi  : VAR Vect3  % Intruder velocity
  s   : VAR Vect3  % Relative position
  v   : VAR Vect3  % Relative velocity
  ve  : VAR Vect3  % Relative escape velocity
  vr  : VAR Vect3  % Relative recovery velocity
  se  : VAR Vect3  % Relative position at the end of the escape maneuver
  sr  : VAR Vect3  % Relative position at the end of the escape maneuver,
                   % which is also the final position
  tr  : VAR real   % Recovery time
  te  : VAR real   % Escape time
  eps : VAR Sign
  A,B,C,E,thpp,SSx,SSy: VAR real

% NOTE: same as circle_line escape except theta^1 rather than theta^-1
%       and test is for an entry_point

  % ichd_escape: A, B, C are the arguments handed to discr/x1/x2 and E is a
  % shared sub-expression; E is used in B and C before the conjunct that
  % defines it (order is irrelevant in a conjunction).  The hypothesis
  % ve`z = v`z is commented out in this theorem.
  ichd_escape: THEOREM
    v`z /= 0 AND
    thpp = theta(1,s`z,v`z) AND
    SSx = s`x - thpp * vi`x AND
    SSy = s`y - thpp * vi`y AND
    A = 4*sq(thpp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thpp*vi`x)*thpp*E AND
    C = sq(E) - 4*sq(s`y - thpp*vi`y)*sq(thpp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thpp*vi`x) + sq(s`y - thpp*vi`y) +
        sq(thpp)*sq(vo`x) + sq(thpp)*sq(vo`y) - sq(D) AND
    entry?(s + thpp * ve, ve) AND                      % TEST
    A /= 0 AND                                         % TEST AFTER COMPUTATION
    discr(A,B,C) >= 0 AND
    % The next test keeps the sqrt argument in voe`y non-negative.
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi AND
%   ve`z = v`z AND                                     % COMPUTED VALUE
    sign(-2 * (s`y - thpp*vi`y) * thpp * voe`y) =
      sign(E + 2 * (s`x - thpp*vi`x) * thpp * voe`x)
  IMPLIES
    separation?(s,ve)

  % ichd_hd_only: the sqrt construction of voe`y with voe`z = vo`z gives
  % heading_only?(vo,voe).  v and ve are constrained but do not occur in
  % the conclusion.
  ichd_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi
  IMPLIES
    heading_only?(vo,voe)

  % ichd_recovery: recovery leg starting from s + te*ve with te = thpp.
  % NOTE(review): the conclusion is separation_pos?, not separation? as in
  % the escape theorem above; separation_pos? is defined outside this
  % theory and its relation to separation? is not visible here - confirm
  % which guarantee the caller needs.
  ichd_recovery: THEOREM
    v`z /= 0 AND
    thpp = theta(1,s`z,v`z) AND
    ve`z = v`z AND                                     % COMPUTED VALUE
    te = thpp AND                                      % COMPUTED VALUE
    vr`z = v`z                                         % COMPUTED VALUE
  IMPLIES
    separation_pos?(s+te*ve,vr)

  % ichd_timeliness: with the ownship recovery velocity vor computed as
  % below, the escape leg followed by the recovery leg ends at the same
  % relative position as flying the original relative velocity v for tr.
  % te = thpp together with te /= tr keeps the divisor (thpp - tr)
  % non-zero.  Only the x and y components of vor are given by formulas;
  % the z components are tied through vr`z = v`z and ve`z = v`z.
  ichd_timeliness: THEOREM
    te = thpp AND
    te /= tr AND
    vor`x = (te*voe`x - tr*vo`x)/(thpp - tr) AND
    vor`y = (te*voe`y - tr*vo`y)/(thpp - tr) AND
    vr`z = v`z AND
    ve`z = v`z AND
    v = vo - vi AND
    ve = voe - vi AND
    vr = vor - vi
  IMPLIES
    s + tr * v = s + te*ve + (tr-te)*vr

END in_circle_hd
$$$in_circle_hd.prf
(in_circle_hd (ichd_escape_TCC1 0 (ichd_escape_TCC1-1 nil 3310832272 3310916594 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1211 1010 nil nil)) (ichd_escape 0 (ichd_escape-1 nil 3310832272 3310920859 ("" (skosimp*) (("" (lemma "circle_escape") (("" (inst?) (("" (assert) (("" (inst?) (("" (inst?) (("" (inst -1 "B!1" "ve!1" "voe!1") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((circle_escape formula-decl nil hd_only nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 227541 36440 t nil)) 
(ichd_hd_only_TCC1 0 (ichd_hd_only_TCC1-1 nil 3310832272 3310916605 ("" (subtype-tcc) nil nil) proved ((sq const-decl "nonneg_real" sq "reals/")) 359 250 nil nil)) (ichd_hd_only 0 (ichd_hd_only-1 nil 3310832272 3310916605 ("" (skosimp*) (("" (lemma "cir_hd_only") (("" (inst?) (("" (inst -1 "ve!1" "voe!1") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((cir_hd_only formula-decl nil hd_only nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 288 220 nil nil)) (ichd_recovery 0 (ichd_recovery-1 nil 3310832272 3310916605 ("" (skosimp*) (("" (lemma "in_circle_recovery") (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((in_circle_recovery formula-decl nil hd_only nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 43 40 nil nil)) (ichd_timeliness_TCC1 0 (ichd_timeliness_TCC1-1 nil 3310832272 3310916605 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil)) 149 70 nil nil)) (ichd_timeliness 0 (ichd_timeliness-1 nil 3310832272 3310916606 ("" (skosimp*) (("" (lemma "vor_timeliness") (("" (inst?) (("" (inst?) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((vor_timeliness formula-decl nil timeliness nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 568 470 nil nil)))
$$$circle_circle_hd.pvs
% circle_circle_hd states cchd_escape, cchd_hd_only, cchd_recovery and
% cchd_timeliness.  The scripts in circle_circle_hd.prf discharge them by
% instantiating circle_escape, cir_hd_only, circle_recovery and timeliness.
%
% NOTE(review): hypotheses tagged TEST / TEST CONDITION / CALCULATION /
% COMPUTED VALUE presumably mirror run-time checks and assignments in the
% resolution code.  A theorem gives no guarantee when any hypothesis fails,
% so every tag is an obligation on the implementation -- confirm.
% NOTE(review): tr and te are unconstrained reals.  The only active time
% hypothesis is te /= tr; tau(s,ve) < tpp and tpp < tr are commented out of
% cchd_recovery, so time ordering has to be established elsewhere.
% NOTE(review): circle_circle_hd.prf in this dump holds proof scripts only,
% with no status field; rerun the proofs before relying on these theorems.
circle_circle_hd: THEORY
BEGIN

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3   % Ownship velocity
  voe : VAR Vect3   % Ownship Escape velocity
  vi  : VAR Vect3   % Intruder velocity
  s   : VAR Vect3   % Relative position
  v   : VAR Vect3   % Relative velocity
  ve  : VAR Vect3   % Relative escape velocity
  vr  : VAR Vect3   % Relative recovery velocity
  se  : VAR Vect3   % Relative position at the end of the escape maneuver
  sr  : VAR Vect3   % Relative position at the end of the escape maneuver,
                    % which is also the final position
                    % NOTE(review): cchd_recovery fixes sr = s + tr*v with
                    % tr the recovery time, so "escape" here may be copied
                    % from the se comment -- confirm.
  tr  : VAR real    % Recovery time
  te  : VAR real    % Escape time
  eps : VAR Sign

  A,B,C,E,thp,tpp,SSx,SSy, Ax, Ay, B_x, B_y: VAR real

  %% ESCAPE same as circle_line escape case.
  %% CHECK INTO extra tests abs(s`z) > H or abs(sr`z) > H
  cchd_escape: THEOREM
    v`z /= 0 AND                       % presumably for the theta TCC -- confirm
    thp = theta(-1,s`z,v`z) AND
    SSx = s`x - thp * vi`x AND
    SSy = s`y - thp * vi`y AND
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) +
        sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
    exit?(s + thp * ve, ve) AND        % TEST
    A /= 0 AND                         % TEST AFTER COMPUTATION
    discr(A,B,C) >= 0 AND
    % Keeps the argument of the sqrt below nonnegative.
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi AND
    % Disabled hypothesis; clhd_escape in circle_line_hd keeps it active.
    % ve`z = v`z AND                   % COMPUTED VALUE
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) =
      sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x)
    IMPLIES separation?(s,ve)

  % Same hypotheses on voe as in cchd_escape, concluding heading_only?.
  cchd_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi
    IMPLIES heading_only?(vo,voe)

  %% Recovery case same as line_circle except extra tests:
  %%   0 < theta(-1,s`z,v`z)     theta(1,s`z,v`z) < tr
  %% NOTE(review): neither extra test appears as an active hypothesis below.
  cchd_recovery: THEOREM
    hor_speed_gt_0?(ve) AND
    ve = voe - vi AND
    sr = s + tr*v AND
    v`z /= 0 AND                           % For theta TCC
    tpp = theta(1,s`z,v`z) AND
    % tau(s,ve) < tpp AND                  % TEST CONDITION
    % tpp < tr AND                         % TEST CONDITION
    Ax = sr`x + (tpp - tr)*ve`x AND        % CALCULATION
    Ay = sr`y + (tpp - tr)*ve`y AND        % CALCULATION
    B_x = (s`x+tpp*v`x) AND                % CALCULATION
    B_y = (s`y+tpp*v`y) AND                % CALCULATION
    sq(Ax) + sq(Ay) - sq(D) /= 0 AND       % TEST CONDITION
    % The second argument here is the expanded form of the one passed to
    % x1/x2 below.
    discr(sq(Ax) + sq(Ay) - sq(D),         % TEST CONDITION
          2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr,
          sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) >= 0 AND
    ( te = x1(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) OR
      te = x2(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) ) AND
    % Precedes the divisions by (tr-te) so the divisor is known nonzero.
    te /= tr AND                           % POST COMPUTATION TEST
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND    % COMPUTED VALUE
    vr`y = (tr*v`y-te*ve`y)/(tr-te) AND    % COMPUTED VALUE
    ve`z = v`z AND                         % COMPUTED VALUE
    vr`z = v`z AND                         % COMPUTED VALUE
    % (sr`x + (tpp - tr) * vr`x) * vr`x +  % POST COMPUTATION TEST
    % (sr`y + (tpp - tr) * vr`y) * vr`y <= 0
    entry?(sr+(tpp-tr)*vr,vr)
    IMPLIES separation?(s+te*ve,vr)

  % Same statement as basic_timeliness in theory timeliness; the stored
  % script proves it from lemma "timeliness" directly.
  cchd_timeliness: THEOREM
    te /= tr AND
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND
    vr`y = (tr*v`y-te*ve`y)/(tr-te) AND
    ve`z = v`z AND
    vr`z = v`z
    IMPLIES s + tr * v = s + te*ve + (tr-te)*vr

END circle_circle_hd
$$$circle_circle_hd.prf
(|circle_circle_hd| (|cchd_escape_TCC1| "" (SKOSIMP*) (("" (ASSERT) NIL NIL)) NIL) (|cchd_escape| "" (SKOSIMP*) (("" (LEMMA "circle_escape") (("" (INST?) (("" (INST?) (("" (INST?) (("" (INST?) (("" (INST?) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|cchd_hd_only_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|cchd_hd_only| "" (SKOSIMP*) (("" (LEMMA "cir_hd_only") (("" (INST?) (("" (INST -1 "ve!1" "voe!1") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL) (|cchd_recovery_TCC1| "" (SKOSIMP*) (("" (ASSERT) NIL NIL)) NIL) (|cchd_recovery_TCC2| "" (SKOSIMP*) (("" (ASSERT) NIL NIL)) NIL) (|cchd_recovery| "" (SKOSIMP*) (("" (LEMMA "circle_recovery") (("" (INST?) (("" (INST?) (("" (INST?) (("" (INST?) (("" (INST?) (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|cchd_timeliness_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|cchd_timeliness| "" (SKOSIMP*) (("" (LEMMA "timeliness") (("" (INST?) 
(("" (ASSERT) (("" (CROSS-MULT -1) (("" (CROSS-MULT -2) (("" (PROP) (("1" (CROSS-MULT 1) (("1" (ASSERT) NIL NIL)) NIL) ("2" (CROSS-MULT 1) (("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL))
$$$circle_line_hd.pvs
% circle_line_hd states clhd_escape, clhd_hd_only, clhd_recovery_0,
% clhd_recovery and clhd_timeliness.  The scripts in circle_line_hd.prf
% discharge them by instantiating circle_escape, cir_hd_only,
% line_recovery_0, line_recovery and alpha_timeliness.
%
% NOTE(review): hypotheses tagged TEST / TEST CONDITION / COMPUTED VALUE
% presumably mirror run-time checks and assignments in the resolution code.
% A theorem gives no guarantee when any hypothesis fails, so every tag is an
% obligation on the implementation -- confirm against the code.
% NOTE(review): tr and te are unconstrained reals; the only time hypothesis
% is tr /= te, so 0 < te and te < tr have to be established elsewhere.
% NOTE(review): circle_line_hd.prf records clhd_escape as
% `proved-incomplete` (the other entries are `proved-complete` or `proved`).
% In PVS that status means the proof itself ran but something it depends on
% was not proved at the time; find and close that dependency.
circle_line_hd: THEORY
BEGIN

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3   % Ownship velocity
  voe : VAR Vect3   % Ownship Escape velocity
  vi  : VAR Vect3   % Intruder velocity
  s   : VAR Vect3   % Relative position
  v   : VAR Vect3   % Relative velocity
  ve  : VAR Vect3   % Relative escape velocity
  vr  : VAR Vect3   % Relative recovery velocity
  se  : VAR Vect3   % Relative position at the end of the escape maneuver
  sr  : VAR Vect3   % Relative position at the end of the escape maneuver,
                    % which is also the final position
                    % NOTE(review): the recovery theorems fix sr = s + tr*v
                    % with tr the recovery time, so "escape" here may be
                    % copied from the se comment -- confirm.
  tr  : VAR real    % Recovery time
  te  : VAR real    % Escape time
  eps : VAR Sign

  A,B,C,E,thp,SSx,SSy: VAR real

  % A, B and C are the arguments given to discr/x1/x2; voe`x is constrained
  % to x1(A,B,C) or x2(A,B,C).
  clhd_escape: THEOREM
    v`z /= 0 AND                       % presumably for the theta TCC -- confirm
    thp = theta(-1,s`z,v`z) AND
    SSx = s`x - thp * vi`x AND
    SSy = s`y - thp * vi`y AND
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) +
        sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
    exit?(s + thp * ve, ve) AND        % TEST
    A /= 0 AND                         % TEST AFTER COMPUTATION
    discr(A,B,C) >= 0 AND
    % Keeps the argument of the sqrt below nonnegative.
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi AND
    % Active here; the same line is commented out in ichd_escape and
    % cchd_escape.
    ve`z = v`z AND                     % COMPUTED VALUE
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) =
      sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x)
    IMPLIES separation?(s,ve)

  % Same hypotheses on voe as in clhd_escape, concluding heading_only?.
  clhd_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi
    IMPLIES heading_only?(vo,voe)

  %% RECOVERY CASE SAME AS line_line_hd recovery case

  alpha2: VAR real

  clhd_recovery_0: THEOREM
    %% CASE vr`x = 0 AND sq(D) = sq(sr`x)
    hor_speed_gt_0?(vr) AND            % TEST CONDITION AFTER COMPUTATION
    sr = s + tr*v AND
    sq(D) = sq(sr`x) AND               % TEST CONDITION
    % ve`x /= 0 and tr /= te precede the divisions by ve`x and (tr-te).
    ve`x /= 0 AND                      % TEST CONDITION
    tr /= te AND                       % TEST CONDITION
    te = tr*v`x/ve`x AND               % COMPUTED VALUE
    vr`x = 0 AND                       % COMPUTED VALUE
    vr`y = (tr*v`y - te*ve`y)/(tr-te) AND   % COMPUTED VALUE
    ve`z = v`z AND                     % COMPUTED VALUE
    vr`z = v`z                         % COMPUTED VALUE
    IMPLIES separation?(s+te*ve,vr)

  clhd_recovery: THEOREM
    sr = s + tr*v AND
    hor_speed_gt_0?(vr) AND            % TEST AFTER COMPUTATION
    tr /= te AND                       % TEST AFTER COMPUTATION
    % The next two tests precede alpha_calc(eps,sr), presumably so that sr
    % can be shown to satisfy hd_only's alpha_type_pred -- confirm against
    % clhd_recovery_TCC1.
    sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND    % TEST CONDITION
    sr`y /= 0 AND                      % TEST CONDITION
    alpha2 = alpha_calc(eps,sr) AND    % COMPUTED VALUE
    % Nonzero divisor for te below.
    ve`y-alpha2*ve`x /= 0 AND          % TEST AFTER COMPUTATION
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND   % COMPUTED VALUE
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND               % COMPUTED VALUE
    vr`y = alpha2*vr`x AND             % COMPUTED VALUE
    ve`z = v`z AND                     % COMPUTED VALUE
    vr`z = v`z                         % COMPUTED VALUE
    IMPLIES separation?(s+te*ve,vr)

  % Same statement as alpha_timeliness in theory timeliness, with alpha2 in
  % place of alpha.
  clhd_timeliness: THEOREM
    te /= tr AND
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND
    vr`y = alpha2*vr`x AND
    ve`y-alpha2*ve`x /= 0 AND
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND
    vr`z = v`z AND
    ve`z = v`z
    IMPLIES s + tr * v = s + te*ve + (tr-te)*vr

END circle_line_hd
$$$circle_line_hd.prf
(circle_line_hd (clhd_escape_TCC1 0 (clhd_escape_TCC1-1 nil 3288109416 nil ("" (skosimp*) (("" (assert) nil nil)) nil) proved-complete nil nil nil nil nil)) (clhd_escape 0 (clhd_escape-1 nil 3288109416 nil ("" (skosimp*) (("" (lemma "circle_escape") (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) 
(("" (assert) (("" (assert) (("" (replace -11) (("" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-incomplete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (circle_escape formula-decl nil hd_only nil)) nil nil nil nil)) (clhd_hd_only_TCC1 0 (clhd_hd_only_TCC1-1 nil 3288109416 nil ("" (subtype-tcc) nil nil) proved-complete ((sq const-decl "nonneg_real" sq "reals/")) nil nil nil nil)) (clhd_hd_only 0 (clhd_hd_only-1 nil 3288109416 nil ("" (skosimp*) (("" (lemma "cir_hd_only") (("" (inst?) (("" (inst -1 "ve!1" "voe!1") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (cir_hd_only formula-decl nil hd_only nil)) nil nil nil nil)) (clhd_recovery_0_TCC1 0 (clhd_recovery_0_TCC1-1 nil 3288109416 nil ("" (subtype-tcc) nil nil) proved-complete ((/= const-decl "boolean" notequal nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil)) nil nil nil nil)) (clhd_recovery_0 0 (clhd_recovery_0-1 nil 3288109416 nil ("" (skosimp*) (("" (lemma "line_recovery_0") (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (line_recovery_0 formula-decl nil hd_only nil)) nil nil nil nil)) (clhd_recovery_TCC1 0 (clhd_recovery_TCC1-1 nil 3288109416 nil ("" (skosimp*) (("" (ground) (("" (mult-cases -2) (("" (expand "sq") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) nil nil nil nil)) (clhd_recovery_TCC2 0 (clhd_recovery_TCC2-1 nil 3288109416 nil ("" (subtype-tcc) nil nil) proved-complete ((/= const-decl "boolean" notequal nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil)) nil nil nil nil)) (clhd_recovery 0 (clhd_recovery-1 nil 3288109416 3288109427 ("" (skosimp*) (("" (lemma "line_recovery ") (("" (inst?) (("" (inst?) (("" (inst?) 
(("" (assert) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((line_recovery formula-decl nil hd_only nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 10354 1870 t nil)) (clhd_timeliness_TCC1 0 (clhd_timeliness_TCC1-1 nil 3288109416 nil ("" (subtype-tcc) nil nil) proved-complete ((/= const-decl "boolean" notequal nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) nil nil nil nil)) (clhd_timeliness 0 (clhd_timeliness-1 nil 3288109416 nil ("" (skosimp*) (("" (lemma "alpha_timeliness") (("" (inst?) (("" (assert) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (alpha_timeliness formula-decl nil timeliness nil)) nil nil nil nil)))
$$$line_circle_hd.pvs
% line_circle_hd states lchd_escape_0, lchd_escape, lchd_esc_hd_only,
% lchd_recovery and lchd_timeliness.  The scripts in line_circle_hd.prf
% discharge them by instantiating line_escape_0, line_escape,
% line_esc_hd_only, circle_recovery and timeliness.
%
% NOTE(review): hypotheses tagged TEST CONDITION / TEST AFTER COMPUTATION /
% CALCULATION / COMPUTED VALUE presumably mirror run-time checks and
% assignments in the resolution code.  A theorem gives no guarantee when any
% hypothesis fails, so every tag is an obligation on the implementation --
% confirm against the code.
% NOTE(review): tr and te are unconstrained reals.  The only active time
% hypothesis is te /= tr; tau(s,ve) < tpp and tpp < tr are commented out of
% lchd_recovery, so time ordering has to be established elsewhere.
% NOTE(review): line_circle_hd.prf records `proved` for every entry; that
% status comes from an earlier run, so rerun the proofs after changing this
% theory or anything it imports.
line_circle_hd: THEORY
BEGIN

%----------------------------------------------------------------------------
%  NOTE: escape lemmas same as line_line_hd
%----------------------------------------------------------------------------

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3   % Ownship velocity
  voe : VAR Vect3   % Ownship Escape velocity
  vi  : VAR Vect3   % Intruder velocity
  s   : VAR Vect3   % Relative position
  v   : VAR Vect3   % Relative velocity
  ve  : VAR Vect3   % Relative escape velocity
  vr  : VAR Vect3   % Relative recovery velocity
  se  : VAR Vect3   % Relative position at the end of the escape maneuver
  sr  : VAR Vect3   % Relative position at the end of the escape maneuver,
                    % which is also the final position
                    % NOTE(review): lchd_recovery fixes sr = s + tr*v with
                    % tr the recovery time, so "escape" here may be copied
                    % from the se comment -- confirm.
  tr  : VAR real    % Recovery time
  te  : VAR real    % Escape time
  eps : VAR Sign

  alpha, tpp, Ax, Ay, B_x, B_y: VAR real

  lchd_escape_0: THEOREM
    %% IF sq(vo`x) + sq(vo`y) >= sq(vi`x)
    ve = voe - vi AND
    % Keeps the argument of the sqrt below nonnegative.
    sq(vo`x) + sq(vo`y) >= sq(vi`x) AND                 % TEST CONDITION
    sq(D) = sq(s`x) AND                                 % TEST CONDITION
    voe`x = vi`x AND                                    % COMPUTED VALUE
    voe`y = eps*sqrt(sq(vo`x)+sq(vo`y)-sq(vi`x)) AND    % COMPUTED VALUE
    hor_speed_gt_0?(ve)                                 % TEST AFTER COMPUTATION
    IMPLIES separation?(s,ve)

  % ve`x is constrained to one of x1/x2 of the three arguments also passed
  % to discr, and ve`y to alpha*ve`x with alpha = alpha_calc(eps,s).
  lchd_escape: THEOREM
    sq(s`x) + sq(s`y) > sq(D) AND                       % TEST CONDITION
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND        % TEST CONDITION
    hor_speed_gt_0?(ve) AND                             % TEST AFTER COMPUTATION
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y),       % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    alpha = alpha_calc(eps,s) AND                       % COMPUTED VALUE
    (ve`x = x1(1+sq(alpha),                             % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha),
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x                                   % COMPUTED VALUE
    IMPLIES separation?(s,ve)

  % Same root constraint on ve as lchd_escape, concluding heading_only?.
  % alpha is left unconstrained here (no alpha = alpha_calc hypothesis).
  lchd_esc_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND        % TEST CONDITION
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y),       % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    (ve`x = x1(1+sq(alpha),                             % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha),
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x AND                               % COMPUTED VALUE
    ve = voe - vi AND
    v = vo - vi AND
    ve`z = v`z
    IMPLIES heading_only?(vo,voe)

  lchd_recovery: THEOREM
    hor_speed_gt_0?(ve) AND
    ve = voe - vi AND
    sr = s + tr*v AND
    v`z /= 0 AND                           % For theta TCC
    tpp = theta(1,s`z,v`z) AND
    % tau(s,ve) < tpp AND                  % TEST CONDITION
    % tpp < tr AND                         % TEST CONDITION
    Ax = sr`x + (tpp - tr)*ve`x AND        % CALCULATION
    Ay = sr`y + (tpp - tr)*ve`y AND        % CALCULATION
    B_x = (s`x+tpp*v`x) AND                % CALCULATION
    B_y = (s`y+tpp*v`y) AND                % CALCULATION
    sq(Ax) + sq(Ay) - sq(D) /= 0 AND       % TEST CONDITION
    % The second argument here is the expanded form of the one passed to
    % x1/x2 below.
    discr(sq(Ax) + sq(Ay) - sq(D),         % TEST CONDITION
          2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr,
          sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) >= 0 AND
    ( te = x1(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) OR
      te = x2(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) ) AND
    % Precedes the divisions by (tr-te) so the divisor is known nonzero.
    te /= tr AND                           % POST COMPUTATION TEST
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND    % COMPUTED VALUE
    vr`y = (tr*v`y-te*ve`y)/(tr-te) AND    % COMPUTED VALUE
    ve`z = v`z AND                         % COMPUTED VALUE
    vr`z = v`z AND                         % COMPUTED VALUE
    % (sr`x + (tpp - tr) * vr`x) * vr`x +  % POST COMPUTATION TEST
    % (sr`y + (tpp - tr) * vr`y) * vr`y <= 0
    entry?(sr+(tpp-tr)*vr,vr)              % POST COMPUTATION TEST
    IMPLIES separation?(s+te*ve,vr)

  % Same statement as basic_timeliness in theory timeliness; the stored
  % script proves it from lemma "timeliness" directly.
  lchd_timeliness: THEOREM
    te /= tr AND
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND
    vr`y = (tr*v`y-te*ve`y)/(tr-te) AND
    ve`z = v`z AND
    vr`z = v`z
    IMPLIES s + tr * v = s + te*ve + (tr-te)*vr

END line_circle_hd
$$$line_circle_hd.prf
(line_circle_hd (lchd_escape_0_TCC1 0 (lchd_escape_0_TCC1-1 nil 3310832269 3310916546 ("" (subtype-tcc) nil nil) proved ((- const-decl "Vect3" Vectors nil) (sq const-decl "nonneg_real" sq "reals/")) 567 440 nil nil)) (lchd_escape_0 0 (lchd_escape_0-1 nil 3310832269 3310916547 ("" (skosimp*) (("" (lemma "line_escape_0") (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((line_escape_0 formula-decl nil hd_only nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 556 430 nil nil)) (lchd_escape_TCC1 0 (lchd_escape_TCC1-1 nil 3310832269 3310916548 ("" (skosimp*) (("" (assert) (("" (ground) (("" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) 
(number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) 863 700 nil nil)) (lchd_escape_TCC2 0 (lchd_escape_TCC2-1 nil 3310832269 3310916548 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 492 440 nil nil)) (lchd_escape 0 (lchd_escape-1 nil 3310832269 3310916549 ("" (skosimp*) (("" (lemma "line_escape") (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((line_escape formula-decl nil hd_only nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 657 560 nil nil)) (lchd_esc_hd_only_TCC1 0 (lchd_esc_hd_only_TCC1-1 nil 3310832269 3310916549 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 433 380 nil nil)) (lchd_esc_hd_only 0 (lchd_esc_hd_only-1 nil 3310832269 3310919673 ("" (skosimp*) (("" (lemma "line_esc_hd_only") (("" (inst?) (("" (assert) (("" (inst?) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((line_esc_hd_only formula-decl nil hd_only nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 59873 3120 t nil)) (lchd_recovery_TCC1 0 (lchd_recovery_TCC1-1 nil 3310832269 3310916551 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1339 1120 nil nil)) (lchd_recovery_TCC2 0 (lchd_recovery_TCC2-1 nil 3310832269 3310916552 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1185 1020 nil nil)) (lchd_recovery 0 (lchd_recovery-1 nil 3310832269 3310916570 ("" (skosimp*) (("" (assert) (("" (lemma "circle_recovery") (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (circle_recovery formula-decl nil hd_only nil)) 17764 15510 nil nil)) (lchd_timeliness_TCC1 0 (lchd_timeliness_TCC1-1 nil 3310832269 3310916570 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 113 70 nil nil)) (lchd_timeliness 0 (lchd_timeliness-1 nil 3310832269 3310916571 ("" (skosimp*) (("" (lemma "timeliness") (("" (inst?) 
(("" (assert) (("" (cross-mult -1) (("" (cross-mult -2) (("" (prop) (("1" (cross-mult 1) (("1" (assert) nil nil)) nil) ("2" (cross-mult 1) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((timeliness formula-decl nil common_defs nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 771 550 nil nil)))
$$$timeliness.pvs
% timeliness states three theorems with one conclusion,
%   s + tr * v = s + te*ve + (tr-te)*vr,
% i.e. the position reached along v after tr equals the position reached
% along ve for te followed by vr for (tr-te).  They differ in how the
% recovery velocity is given: vr`y = alpha*vr`x (alpha_timeliness), both
% horizontal components of vr (basic_timeliness), or the ownship recovery
% velocity vor (vor_timeliness).  The stored scripts prove all three from
% lemma "timeliness".
%
% NOTE(review): tr and te are unconstrained reals; te /= tr is the only
% time hypothesis, so 0 < te and te < tr have to be established elsewhere.
% NOTE(review): every entry of timeliness.prf in this dump is recorded as
% `unchecked`, while in_circle_hd.prf and circle_line_hd.prf cite
% vor_timeliness and alpha_timeliness as dependencies of proofs marked
% `proved` / `proved-complete`.  Rerun the timeliness proofs before relying
% on anything that depends on them.
timeliness: THEORY
BEGIN

  IMPORTING criteria, common_defs

  vo  : VAR Vect3   % Ownship velocity
  voe : VAR Vect3   % Ownship escape velocity
  vor : VAR Vect3   % Ownship recovery velocity
  vi  : VAR Vect3   % Intruder velocity
  s   : VAR Vect3   % Relative position
  v   : VAR Vect3   % Relative velocity
  ve  : VAR Vect3   % Relative escape velocity
  vr  : VAR Vect3   % Relative recovery velocity
  se  : VAR Vect3   % Relative position at the end of the escape maneuver
  sr  : VAR Vect3   % Relative position at the end of the escape maneuver,
                    % which is also the final position
  tr  : VAR real    % Recovery time
  te  : VAR real    % Escape time
  alpha: VAR real

  alpha_timeliness: THEOREM
    % te /= tr precedes the division by (tr-te); the second /= precedes the
    % division by (ve`y-alpha*ve`x).
    te /= tr AND
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND
    vr`y = alpha*vr`x AND
    ve`y-alpha*ve`x /= 0 AND
    te = tr*(v`y-alpha*v`x)/(ve`y-alpha*ve`x) AND
    vr`z = v`z AND
    ve`z = v`z
    IMPLIES s + tr * v = s + te*ve + (tr-te)*vr

  % cchd_timeliness and lchd_timeliness restate this theorem verbatim.
  basic_timeliness: THEOREM
    te /= tr AND
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND
    vr`y = (tr*v`y-te*ve`y)/(tr-te) AND
    ve`z = v`z AND
    vr`z = v`z
    IMPLIES s + tr * v = s + te*ve + (tr-te)*vr

  % Stated on absolute ownship velocities; the last three hypotheses relate
  % them to the relative velocities used in the conclusion.
  vor_timeliness: THEOREM
    te /= tr AND
    vor`x = (te*voe`x - tr*vo`x)/(te - tr) AND
    vor`y = (te*voe`y - tr*vo`y)/(te - tr) AND
    vr`z = v`z AND
    ve`z = v`z AND
    v = vo - vi AND
    ve = voe - vi AND
    vr = vor - vi
    IMPLIES s + tr * v = s + te*ve + (tr-te)*vr

END timeliness
$$$timeliness.prf
(timeliness (alpha_timeliness_TCC1 0 (alpha_timeliness_TCC1-1 nil 3287939632 nil ("" (subtype-tcc) nil nil) unchecked nil nil nil nil nil)) (alpha_timeliness 0 (alpha_timeliness-1 nil 3287939632 nil ("" (skosimp*) (("" (cross-mult -1) (("" (cross-mult -3) (("" (case "vr!1`y*(tr!1 - te!1) = tr!1 * v!1`y - te!1 * ve!1`y") (("1" (lemma "timeliness") (("1" (inst?) (("1" (assert) (("1" (prop) (("1" (cross-mult 1) nil nil) ("2" (cross-mult 1) nil nil)) nil)) nil)) nil)) nil) ("2" (mult-by -1 "alpha!1") (("2" (assert) (("2" (isolate -1 r 1) (("2" (replace -1 * rl) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (basic_timeliness 0 (basic_timeliness-1 nil 3287939632 nil ("" (skosimp*) (("" (lemma "timeliness") (("" (inst?) (("" (assert) (("" (cross-mult -1) (("" (cross-mult -2) (("" (prop) (("1" (cross-mult 1) (("1" (assert) nil nil)) nil) ("2" (cross-mult 1) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (vor_timeliness_TCC1 0 (vor_timeliness_TCC1-1 nil 3287939632 nil ("" (subtype-tcc) nil nil) unchecked nil nil nil nil nil)) (vor_timeliness 0 (vor_timeliness-1 nil 3287939632 nil ("" (skosimp*) (("" (lemma "timeliness") (("" (inst?) 
(("" (assert) (("" (hide 3) (("" (isolate -7 r 1) (("1" (isolate -6 r 1) (("1" (isolate -5 r 1) (("1" (replace -5 * rl) (("1" (hide -5) (("1" (replace -5 * rl) (("1" (hide -5) (("1" (replace -5 * rl) (("1" (hide -5) (("1" (cross-mult -1) (("1" (cross-mult -2) (("1" (grind) (("1" (cross-mult 1) nil nil) ("2" (cross-mult 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 1)) (("2" (apply-extensionality 1 :hide? t) (("1" (grind) nil nil) ("2" (grind) nil nil) ("3" (grind) nil nil)) nil)) nil) ("3" (hide-all-but (-1 1)) (("3" (apply-extensionality 1 :hide? t) (("1" (grind) nil nil) ("2" (grind) nil nil) ("3" (grind) nil nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 1)) (("2" (apply-extensionality 1 :hide? t) (("1" (grind) nil nil) ("2" (grind) nil nil) ("3" (grind) nil nil)) nil)) nil) ("3" (hide-all-but (-1 1)) (("3" (apply-extensionality 1 :hide? t) (("1" (grind) nil nil) ("2" (grind) nil nil) ("3" (grind) nil nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 1)) (("2" (apply-extensionality 1 :hide? t) (("1" (grind) nil nil) ("2" (grind) nil nil) ("3" (grind) nil nil)) nil)) nil) ("3" (hide-all-but (-1 1)) (("3" (apply-extensionality 1 :hide? 
t) (("1" (grind) nil nil) ("2" (grind) nil nil) ("3" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)))
$$$hd_only.pvs
% ----------------------------------------------------------------------------
% hd_only: statements of the escape and recovery results whose conclusions are
% separation?/separation_pos? for a relative velocity, heading_only?(vo,voe)
% for an ownship velocity, or an auxiliary geometric fact.
%
% Every theorem has the shape
%     <tests and computed values>  IMPLIES  <property>
% The trailing "% TEST ..." / "% COMPUTED VALUE" / "% CALCULATION" tags are the
% original author's labels for each hypothesis.
%
% Not defined in this theory (imported): separation?, hor_sep?, vert_sep?,
% on_cyl?, entry?, exit?, theta, sign, x1, x2, discr, sq, sqrt.  The .prf
% entries that follow place D (a posreal), tau, at, tan_condition? and
% hor_speed_gt_0? in theory criteria, and heading_only? in common_defs.
%
% Do not reorder or delete hypotheses without replaying the proofs: the proof
% scripts in hd_only.prf address formulas by position, e.g. (hide -2 -3 1)
% and (replace -3).
%
% NOTE(review): hd_only.prf records status "unchecked" for most entries shown
%   with it here (line_escape_0, alpha_calc_lem, line_esc_lem, line_escape,
%   line_esc_hd_only, line_recovery_0, line_recovery) and "proved" only for
%   line_esc_0_hd_only and its TCC -- re-run the proofs before relying on
%   these theorems as established.
% NOTE(review): line breaks in this listing were reconstructed from a
%   collapsed dump; confirm the extent of each commented-out hypothesis
%   against the original file.
% ----------------------------------------------------------------------------
hd_only: THEORY
BEGIN

  IMPORTING criteria, common_defs, timeliness

  vo  : VAR Vect3 % Ownship velocity
  voe : VAR Vect3 % Ownship escape velocity
  vor : VAR Vect3 % Ownship recovery velocity
  vi  : VAR Vect3 % Intruder velocity
  s   : VAR Vect3 % Relative position
  v   : VAR Vect3 % Relative velocity
  ve  : VAR Vect3 % Relative escape velocity
  vr  : VAR Vect3 % Relative recovery velocity
  se  : VAR Vect3 % Relative position at the end of the escape maneuver
  sr  : VAR Vect3 % Relative position at the end of the escape maneuver,
                  % which is also the final position
                  % NOTE(review): every theorem below that mentions sr assumes
                  %   sr = s + tr*v with tr the recovery time, so "escape" here
                  %   looks copied from se -- probably "recovery maneuver"; confirm.
  tr  : VAR real  % Recovery time
  te  : VAR real  % Escape time
  eps : VAR Sign

  alpha,alpha2,A,B,C,E,thp,thpp,SSx,SSy: VAR real

  ss,vv: VAR Vect3

  % Escape for the case sq(D) = sq(s`x): the ownship escape velocity takes the
  % intruder's x component, and eps selects the sign of the y component.
  % The first hypothesis of the second line keeps the sqrt argument nonnegative.
  line_escape_0: THEOREM %% IF sq(vo`x) + sq(vo`y) >= sq(vi`x)
    ve = voe - vi AND
    sq(vo`x) + sq(vo`y) >= sq(vi`x) AND % TEST CONDITION
    sq(D) = sq(s`x) AND % TEST CONDITION
    voe`x = vi`x AND % COMPUTED VALUE
    voe`y = eps*sqrt(sq(vo`x)+sq(vo`y)-sq(vi`x)) AND % COMPUTED VALUE
    hor_speed_gt_0?(ve) % TEST AFTER COMPUTATION
    IMPLIES separation?(s,ve)

  % Companion to line_escape_0: the same computed voe, with voe`z = vo`z,
  % satisfies heading_only?(vo,voe).
  line_esc_0_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) >= sq(vi`x) AND % TEST CONDITION
    voe`x = vi`x AND % COMPUTED VALUE
    voe`y = eps*sqrt(sq(vo`x)+sq(vo`y)-sq(vi`x))AND % COMPUTED VALUE
    voe`z = vo`z
    IMPLIES heading_only?(vo,voe)

  % Domain predicate for alpha_calc.  It carries exactly the side conditions
  % the body of alpha_calc needs:
  %   THEN branch: s`x*s`y /= 0, so the divisor 2*s`x*s`y is nonzero;
  %   ELSE branch: sq(s`x)+sq(s`y)-sq(D) >= 0, so the sqrt argument is
  %                nonnegative (the divisor sq(D)-sq(s`x) is nonzero there
  %                because the IF test failed).
  alpha_type_pred(s): MACRO bool =
    IF sq(D) = sq(s`x) THEN s`x*s`y /= 0 ELSE sq(s`x) + sq(s`y) - sq(D) >= 0 ENDIF

  alpha_type : TYPE = {s | alpha_type_pred(s)}

  % Slope used by the line cases (hypotheses of the form ve`y = alpha*ve`x).
  % Note that eps is declared real here, not Sign as the theory-level VAR is.
  alpha_calc(eps: real, s: alpha_type): real =
    IF sq(D) = sq(s`x) THEN (sq(s`y) - sq(D))/(2*s`x*s`y) ELSE (-s`x*s`y+eps*D*sqrt(sq(s`x)+sq(s`y)-sq(D)))/(sq(D)-sq(s`x)) ENDIF

  % Characteristic equation of alpha_calc.  Read geometrically, the line
  % y = alpha*x through the origin lies at distance D from the point
  % (ss`x, ss`y).
  alpha_calc_lem: LEMMA
    alpha_type_pred(ss) AND
    alpha = alpha_calc(eps,ss) AND
    vv`y = alpha*vv`x AND
    vv`x /= 0
    IMPLIES
    tan_condition?(ss,vv)

  % Escape for the case sq(s`x) + sq(s`y) > sq(D): ve`x is either root
  % (x1 or x2) of the quadratic with the coefficients listed under discr,
  % and ve`y follows from the slope alpha.  The first hypothesis precedes
  % alpha_calc(eps,s), whose argument must satisfy alpha_type_pred.
  line_escape: THEOREM
    sq(s`x) + sq(s`y) > sq(D) AND % TEST CONDITION
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND % TEST CONDITION
    hor_speed_gt_0?(ve) AND % TEST AFTER COMPUTATION
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y), % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    alpha = alpha_calc(eps,s) AND % COMPUTED VALUE
    (ve`x = x1(1+sq(alpha), % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha),
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x % COMPUTED VALUE
    IMPLIES separation?(s,ve)

  % Companion to line_escape for heading_only?.  alpha is not tied to
  % alpha_calc here; only the quadratic-root and slope relations are assumed.
  line_esc_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND % TEST CONDITION
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y), % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    (ve`x = x1(1+sq(alpha), % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha),
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x AND % COMPUTED VALUE
    ve = voe - vi AND
    v = vo - vi AND
    ve`z = v`z
    IMPLIES heading_only?(vo,voe)

  %% RECOVERY SOLUTION THAT RESULTS IN vr`x = 0
  % tr /= te and ve`x /= 0 guard the two divisions below.  The theorem does
  % not assume any ordering between te and tr, nor te >= 0.
  line_recovery_0: THEOREM %% CASE vr`x = 0 AND sq(D) = sq(sr`x)
    hor_speed_gt_0?(vr) AND % TEST CONDITION AFTER COMPUTATION
    sr = s + tr*v AND
    sq(D) = sq(sr`x) AND % TEST CONDITION
    ve`x /= 0 AND % TEST CONDITION
    tr /= te AND % TEST CONDITION
    te = tr*v`x/ve`x AND % COMPUTED VALUE
    vr`x = 0 AND % COMPUTED VALUE
    vr`y = (tr*v`y - te*ve`y)/(tr-te) AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z % COMPUTED VALUE
    IMPLIES separation?(s+te*ve,vr)

  %% RECOVERY SOLUTIONS THAT RESULT IN vr`x /= 0
  % alpha2 is the slope computed at the final position sr.  The hypotheses
  % ve`y-alpha2*ve`x /= 0 and tr /= te guard the divisions defining te and vr`x.
  line_recovery: THEOREM
    sr = s + tr*v AND
    hor_speed_gt_0?(vr) AND % TEST AFTER COMPUTATION
    tr /= te AND % TEST AFTER COMPUTATION
    sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND % TEST CONDITION
    sr`y /= 0 AND % TEST CONDITION
    alpha2 = alpha_calc(eps,sr) AND % COMPUTED VALUE
    ve`y-alpha2*ve`x /= 0 AND % TEST AFTER COMPUTATION
    te =
      tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND % COMPUTED VALUE
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE
    vr`y = alpha2*vr`x AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z % COMPUTED VALUE
    IMPLIES separation?(s+te*ve,vr)

%----------------------------------------------------------------------------

  % Auxiliary fact for the circle escape: with voe`x a root of the quadratic
  % A, B, C and voe`y the nonnegative square root shown, the point reached at
  % time thp with ve = voe - vi satisfies on_cyl?.  v`z /= 0 appears first
  % because theta(eps,s`z,v`z) is applied to v`z (compare the "For theta TCC"
  % tag in circle_recovery).
  cir_esc_cyl: LEMMA
    v`z /= 0 AND
    thp = theta(eps,s`z,v`z) AND
    SSx = s`x - thp * vi`x AND
    SSy = s`y - thp * vi`y AND
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND
    A /= 0 AND % TEST AFTER COMPUTATION
    discr(A,B,C) >= 0 AND
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    ve = voe - vi
    IMPLIES on_cyl?(s + thp*ve)

  % Circle escape: same computed voe as cir_esc_cyl, plus the requirement that
  % the point at time thp is an exit point when eps = -1 or an entry point
  % when eps = 1.  The hypothesis ve`z = v`z is commented out in the original;
  % voe`z = vo`z, v = vo - vi and ve = voe - vi are assumed instead.
  circle_escape: THEOREM
    v`z /= 0 AND
    thp = theta(eps,s`z,v`z) AND
    SSx = s`x - thp * vi`x AND
    SSy = s`y - thp * vi`y AND
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y - thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y - thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
    ( (exit?(s + thp * ve, ve) AND eps = -1) OR (entry?(s + thp * ve, ve) AND eps = 1) ) AND
    A /= 0 AND % TEST AFTER COMPUTATION
    discr(A,B,C) >= 0 AND
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi AND
    % ve`z = v`z AND % COMPUTED VALUE
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x)
    IMPLIES separation?(s,ve)

  tpp, Ax, Ay, B_x, B_y: VAR real

  % Companion to circle_escape for heading_only?.
  cir_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    voe`z = vo`z AND
    v = vo - vi AND
    ve = voe - vi
    IMPLIES heading_only?(vo,voe)

  % Auxiliary fact for circle_recovery: with te a root of the quadratic below
  % and vr the computed recovery velocity, the horizontal position at time tpp
  % lies exactly at distance D from the origin.  sq(Ax) + sq(Ay) - sq(D) /= 0
  % is the leading coefficient of that quadratic; te /= tr guards the
  % divisions defining vr.
  cir_rec_lem: LEMMA
    Ax = sr`x + (tpp - tr)*ve`x AND
    Ay = sr`y + (tpp - tr)*ve`y AND
    B_x = (s`x+tpp*v`x) AND
    B_y = (s`y+tpp*v`y) AND
    sq(Ax) + sq(Ay) - sq(D) /= 0 AND
    discr(sq(Ax) + sq(Ay) - sq(D),
          2*tr * sq(D) - 2*Ax * B_x * tr - 2*(Ay*B_y*tr),
          sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) >= 0 AND
    ( te = x1(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) OR
      te = x2(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) ) AND
    sr = s + tr*v AND
    te /= tr AND
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND
    vr`y = (tr*v`y-te*ve`y)/(tr-te)
    IMPLIES sq(s`x + te*ve`x + (tpp - te)*vr`x) + sq(s`y + te*ve`y + (tpp - te)*vr`y) = sq(D)

  % Circle recovery.
  % NOTE(review): the two timing tests (tau(s,ve) < tpp, tpp < tr) and the
  %   two-line "POST COMPUTATION TEST" inequality are commented out, so they
  %   are NOT hypotheses of this theorem; entry?(sr+(tpp-tr)*vr,vr) is assumed
  %   in their place.  Whether an implementation must still enforce the time
  %   ordering is not visible from this theory -- confirm against the algorithm.
  circle_recovery: THEOREM
    hor_speed_gt_0?(ve) AND
    ve = voe - vi AND
    sr = s + tr*v AND
    v`z /= 0 AND % For theta TCC
    tpp = theta(1,s`z,v`z) AND
    % tau(s,ve) < tpp AND % TEST CONDITION
    % tpp < tr AND % TEST CONDITION
    Ax = sr`x + (tpp - tr)*ve`x AND % CALCULATION
    Ay = sr`y + (tpp - tr)*ve`y AND % CALCULATION
    B_x = (s`x+tpp*v`x) AND % CALCULATION
    B_y = (s`y+tpp*v`y) AND % CALCULATION
    sq(Ax) + sq(Ay) - sq(D) /= 0 AND % TEST CONDITION
    discr(sq(Ax) + sq(Ay) - sq(D), % TEST CONDITION
          2*tr*sq(D) - 2*Ax*B_x*tr - 2*Ay*B_y*tr,
          sq(tr) * (sq(B_x) + sq(B_y) - sq(D))) >= 0 AND
    ( te = x1(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) OR
      te = x2(sq(Ax) + sq(Ay) - sq(D),
              2*tr*(sq(D) - Ax*B_x - Ay*B_y),
              sq(tr)*(sq(B_x)+sq(B_y)-sq(D)) ) ) AND
    te /= tr AND % POST COMPUTATION TEST
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE
    vr`y = (tr*v`y-te*ve`y)/(tr-te) AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z AND % COMPUTED VALUE
    % (sr`x + (tpp - tr) * vr`x) * vr`x + % POST COMPUTATION TEST
    % (sr`y + (tpp - tr) * vr`y) * vr`y <= 0
    entry?(sr+(tpp-tr)*vr,vr)
    IMPLIES separation?(s+te*ve,vr)

%----------------------------------------------------------------------------

  % Separation restricted to nonnegative times: at every tt >= 0 the point
  % s+tt*v is horizontally or vertically separated.
  separation_pos?(s,v): bool =
    (FORALL (tt:
       nonneg_real): hor_sep?(s+tt*v) OR vert_sep?(s+tt*v))

  % In-circle recovery.  The conclusion is separation_pos? (times tt >= 0
  % only), not separation?.  No horizontal hypothesis on ve or vr appears;
  % only their z components are tied to v`z.
  in_circle_recovery: THEOREM
    v`z /= 0 AND
    te = theta(1,s`z,v`z) AND
    ve`z = v`z AND
    vr`z = v`z
    IMPLIES separation_pos?(s+te*ve,vr)

  % Out-circle recovery: the escape leg uses the same quadratic as
  % cir_esc_cyl with theta(-1,...), and the switch time te equals thp.
  % NOTE(review): 0 < thp and thp < tr are commented out, so the theorem does
  %   not assume that the switch time is positive or earlier than tr --
  %   confirm whether the algorithm checks this separately.
  out_circle_recovery: THEOREM
    v`z /= 0 AND
    thp = theta(-1,s`z,v`z) AND
    SSx = s`x - thp * vi`x AND
    SSy = s`y - thp * vi`y AND
    A = 4*sq(thp)*(sq(SSx) + sq(SSy)) AND
    B = 4*(s`x - thp*vi`x)*thp*E AND
    C = sq(E) - 4*sq(s`y-thp*vi`y)*sq(thp)*(sq(vo`x)+sq(vo`y)) AND
    E = sq(s`x - thp*vi`x) + sq(s`y-thp*vi`y) + sq(thp)*sq(vo`x) + sq(thp)*sq(vo`y) - sq(D) AND
    A /= 0 AND % TEST AFTER COMPUTATION
    sr = s + tr*v AND
    discr(A,B,C) >= 0 AND
    sq(vo`x) + sq(vo`y) >= sq(voe`x) AND
    ( voe`x = x1(A,B,C) OR voe`x = x2(A,B,C) ) AND
    voe`y = sqrt(sq(vo`x) + sq(vo`y) - sq(voe`x)) AND
    sign(-2 * (s`y - thp*vi`y) * thp * voe`y) = sign(E + 2 * (s`x - thp*vi`x) * thp * voe`x) AND
    ve = voe - vi AND
    ve`z = v`z AND % COMPUTED VALUE
    te = thp AND
    % 0 < thp AND
    % thp < tr AND
    exit?(s + thp * ve, vr) AND % TEST
    vr`z = v`z
    IMPLIES separation?(s+te*ve,vr)

END hd_only
$$$hd_only.prf
(hd_only (line_escape_0_TCC1 0 (line_escape_0_TCC1-1 nil 3287939633 3311010960 ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil 228 180 nil nil)) (line_escape_0 0 (line_escape_0-1 nil 3287939633 3311010961 ("" (skosimp*) (("" (lemma "separation_lem") (("" (inst -1 "s!1" "tau(s!1,ve!1)" "ve!1") (("" (assert) (("" (hide 2) (("" (lemma "line_case_correctness") (("" (inst?) (("" (assert) (("" (hide 2) (("" (lemma "tau_is_tangent_pt") (("" (inst?) 
(("" (expand "at") (("" (hide 2) (("" (expand "tan_condition?") (("" (case-replace "ve!1`x = 0") (("1" (rewrite "sq_0") (("1" (assert) (("1" (replace -4) (("1" (hide-all-but 1) (("1" (grind) nil nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 -4 1)) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((separation_lem formula-decl nil criteria nil) (line_case_correctness formula-decl nil criteria nil) (tau_is_tangent_pt formula-decl nil criteria nil) (at const-decl "Vect3" criteria nil) (tan_condition? const-decl "bool" criteria nil) nil (sq_0 formula-decl nil sq "reals/") (sq const-decl "nonneg_real" sq "reals/") (= const-decl "[T, T -> boolean]" equalities nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (tau const-decl "real" criteria nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) nil) 964 790 nil nil)) (line_esc_0_hd_only_TCC1 0 (line_esc_0_hd_only_TCC1-1 nil 3287939633 3311933469 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 5760 1120 t nil)) (line_esc_0_hd_only 0 (line_esc_0_hd_only-1 nil 3287939633 3311933453 ("" (skosimp*) (("" (expand "heading_only?") (("" (assert) (("" (hide -4) (("" (replace -2) (("" (hide -2) (("" (typepred "eps!1") (("" (prop) (("1" (replace -1) (("1" (replace -3) (("1" (assert) (("1" (rewrite "sq_times") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (replace -1) (("2" (hide -1) (("2" (replace -2) (("2" (rewrite "sq_times") (("2" (assert) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sq_sqrt formula-decl nil sqrt "reals/") (sq_1 formula-decl nil sq "reals/") (Vect3 type-eq-decl nil Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (* 
const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (sq_times formula-decl nil sq "reals/") (heading_only? const-decl "bool" common_defs nil)) 7633 1200 t nil)) (alpha_calc_TCC1 0 (alpha_calc_TCC1-1 nil 3287939633 3311010963 ("" (tcc) nil nil) unchecked ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (/= const-decl "boolean" notequal nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (sq const-decl "nonneg_real" sq "reals/")) 462 430 nil nil)) (alpha_calc_TCC2 0 (alpha_calc_TCC2-1 nil 3287939633 3311010964 ("" (subtype-tcc) nil nil) unchecked ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred 
const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (/= const-decl "boolean" notequal nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (sq const-decl "nonneg_real" sq "reals/")) 404 350 nil nil)) (alpha_calc_TCC3 0 (alpha_calc_TCC3-1 nil 3287939633 3311010964 ("" (subtype-tcc) nil nil) unchecked ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (IMPLIES const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (IF const-decl "[boolean, T, T -> T]" if_def nil) (/= const-decl "boolean" notequal nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields 
nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (alpha_type type-eq-decl nil hd_only nil) (sq const-decl "nonneg_real" sq "reals/")) 356 310 nil nil)) (alpha_calc_lem_TCC1 0 (alpha_calc_lem_TCC1-1 nil 3287939633 3311010964 ("" (subtype-tcc) nil nil) unchecked ((sq const-decl "nonneg_real" sq "reals/") (/= const-decl "boolean" notequal nil)) 349 300 nil nil)) (alpha_calc_lem 0 (alpha_calc_lem-1 nil 3287939633 3311011378 ("" (skosimp*) (("" (expand "alpha_calc") (("" (lift-if) (("" (prop) (("1" (cross-mult -2) (("1" (assert) (("1" (grind) nil nil)) nil)) nil) ("2" (hide -3 -4 2) (("2" (case "(sq(D) - sq(ss!1`x))*sq(alpha!1) + 2*ss!1`x*ss!1`y * alpha!1 + (sq(D) - sq(ss!1`y)) = 0") (("1" (hide -2 -3) (("1" (grind) nil nil)) nil) ("2" (lemma "quadratic_eq_0") (("2" (inst?) (("2" (assert) (("2" (assert) (("2" (hide 2) (("2" (prop) (("1" (hide -1) (("1" (expand "discr") (("1" (expand "sq") (("1" (mult-by -1 "4*D*D") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (typepred "eps!1") (("2" (expand "root") (("2" (case-replace "discr((sq(D) - sq(ss!1`x)), 2 * (ss!1`x * ss!1`y), (sq(D) - sq(ss!1`y))) = 4*sq(D)*(sq(ss!1`x) + sq(ss!1`y) - sq(D))") (("1" (hide -1) (("1" (rewrite "sqrt_times") (("1" (case-replace "sqrt(4*sq(D)) = 2*D") (("1" (assert) (("1" (field -3) (("1" (prop) (("1" (hide 3) (("1" (field 2) nil nil)) nil) ("2" (hide 2) (("2" (replace -1) (("2" (hide -1) (("2" (hide -3 4) (("2" (cross-mult 2) (("2" (mult-by -1 "2") (("2" (assert) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (hide-all-but 1) (("2" (rewrite "sqrt_times") nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -2 2 3) (("2" (expand "discr") (("2" (assert) (("2" (expand "sq") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((alpha_calc const-decl "real" 
hd_only nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (discr const-decl "real" quadratic "reals/") (both_sides_times_pos_ge1_imp formula-decl nil extra_real_props "Manip/") (root const-decl "real" quadratic "reals/") (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (neg_mult formula-decl nil extra_tegies "Field/") (neg_add formula-decl nil extra_tegies "Field/") (both_sides_times1 formula-decl nil real_props nil) (div_cancel2 formula-decl nil real_props nil) (sqrt_sq formula-decl nil sqrt "reals/") (sqrt_4 formula-decl nil sqrt "reals/") (sqrt_times formula-decl nil sqrt "reals/") (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (int nonempty-type-eq-decl nil integers nil) 
(integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (quadratic_eq_0 formula-decl nil quadratic "reals/")) 309050 180280 t nil)) (line_esc_lem 0 (line_esc_lem-1 nil 3287939633 3288358694 ("" (skosimp*) (("" (lemma "alpha_calc_lem") (("" (inst?) (("" (expand "tan_condition?") (("" (assert) (("" (split -1) (("1" (hide -2 -3) (("1" (div-by -2 "vv!1`x") (("1" (replace -2 * rl) (("1" (expand "sq") (("1" (assert) (("1" (field -1) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (ground) nil nil) ("3" (flatten) (("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (nonzero_times3 formula-decl nil real_props nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (D const-decl "posreal" criteria nil) (posreal 
nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (times_div_cancel2 formula-decl nil extra_real_props "Manip/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (both_sides_div1 formula-decl nil real_props nil) (tan_condition? const-decl "bool" criteria nil) (alpha_calc_lem formula-decl nil hd_only nil)) 10761 2850 t nil)) (line_escape_TCC1 0 (line_escape_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (hide -2 -3 1) (("" (prop) (("1" (grind) (("1" (mult-cases -2) nil nil)) nil) ("2" (grind) nil nil)) nil)) nil)) nil) unchecked ((sq const-decl "nonneg_real" sq "reals/") (zero_times3 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil)) nil nil nil nil)) (line_escape_TCC2 0 (line_escape_TCC2-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (line_escape 0 (line_escape-1 nil 3287939633 nil ("" (skosimp*) (("" (lemma "quadratic_eq_0") (("" (inst?) (("" (assert) (("" (flatten) (("" (hide -1) (("" (split -1) (("1" (case-replace "ve!1`x = 0") (("1" (rewrite "sq_0") (("1" (assert) nil nil)) nil) ("2" (lemma "separation_lem") (("2" (inst -1 "s!1" "tau(s!1,ve!1)" "ve!1") (("2" (assert) (("2" (hide 4) (("2" (lemma "line_case_correctness") (("2" (inst?) 
(("2" (assert) (("2" (hide 2) (("2" (lemma "tau_is_tangent_pt") (("2" (inst?) (("2" (expand "at") (("2" (hide 2) (("2" (lemma "line_esc_lem") (("2" (inst?) (("2" (inst -1 "ve!1") (("2" (assert) (("2" (hide-all-but (-2 1)) (("2" (prop) (("2" (grind) (("2" (mult-cases -2) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((quadratic_eq_0 formula-decl nil quadratic "reals/") (= const-decl "[T, T -> boolean]" equalities nil) (sq_0 formula-decl nil sq "reals/") (tau const-decl "real" criteria nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (zero_times3 formula-decl nil real_props nil) (line_esc_lem formula-decl nil hd_only nil) (at const-decl "Vect3" criteria nil) (tau_is_tangent_pt formula-decl nil criteria nil) (line_case_correctness formula-decl nil criteria nil) (separation_lem formula-decl nil criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (real 
nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) nil nil nil nil)) (line_esc_hd_only_TCC1 0 (line_esc_hd_only_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (line_esc_hd_only 0 (line_esc_hd_only-1 nil 3287939633 nil ("" (skosimp*) (("" (expand "heading_only?") (("" (lemma "quadratic_eq_0") (("" (inst?) (("" (replace -3) (("" (assert) (("" (hide -2 -3) (("" (case "sq(ve!1`x + vi!1`x) + sq(alpha!1*ve!1`x + vi!1`y) = sq(vo!1`x) + sq(vo!1`y)") (("1" (hide -2) (("1" (replace -2 * rl) (("1" (replace -3) (("1" (assert) (("1" (hide -2 -3) (("1" (prop) (("1" (expand "sq") (("1" (grind) nil nil)) nil) ("2" (hide -1) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 2) (("2" (replace -2 * rl) (("2" (hide -2 -3 -4 -5) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((heading_only? 
const-decl "bool" common_defs nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (quadratic_eq_0 formula-decl nil quadratic "reals/")) nil nil nil nil)) (line_recovery_0_TCC1 0 (line_recovery_0_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (line_recovery_0 0 (line_recovery_0-1 nil 3287939633 nil ("" (skosimp*) (("" (case-replace "s!1 + te!1*ve!1 = sr!1 - (tr!1-te!1)*vr!1") (("1" (hide -1) (("1" (lemma "separation_lem") (("1" (inst -1 "sr!1 - (tr!1 - te!1) * vr!1" "tr!1-te!1+tau(sr!1,vr!1)" "vr!1") (("1" (assert) (("1" (hide 4) (("1" (case-replace "sr!1 - (tr!1 - te!1) * vr!1 + (tau(sr!1, vr!1) - te!1 + tr!1) * vr!1 = sr!1 + tau(sr!1, vr!1) * vr!1") (("1" (hide -1) (("1" (lemma "line_case_correctness") (("1" (inst?) 
(("1" (assert) (("1" (hide 2) (("1" (lemma "tau_is_tangent_pt") (("1" (inst -1 "sr!1" "vr!1") (("1" (assert) (("1" (expand "at") (("1" (hide 2) (("1" (expand "tan_condition?") (("1" (replace -5) (("1" (expand "sq") (("1" (hide-all-but (-3 1)) (("1" (rewrite "sq_rew") (("1" (rewrite "sq_rew") (("1" (rewrite "sq_rew") (("1" (replace -1 * rl) (("1" (hide -1) (("1" (case-replace "sq(D) * vr!1`y * vr!1`y = sq(vr!1`y)*sq(D)") (("1" (hide -1) (("1" (expand "sq") (("1" (propax) nil nil)) nil)) nil) ("2" (hide 2) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -1 -3 4) (("2" (cross-mult -2) (("2" (cross-mult -4) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (+ const-decl "Vect3" Vectors nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (* const-decl "Vect3" Vectors nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (separation_lem formula-decl nil criteria nil) (line_case_correctness formula-decl nil criteria nil) (tau_is_tangent_pt formula-decl nil criteria nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (sq_rew formula-decl nil sq "reals/") (sq const-decl "nonneg_real" sq "reals/") 
(tan_condition? const-decl "bool" criteria nil) (at const-decl "Vect3" criteria nil) (tau const-decl "real" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (bool nonempty-type-eq-decl nil booleans nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil)) nil nil nil nil)) (line_recovery_TCC1 0 (line_recovery_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (ground) (("" (mult-cases -2) (("" (expand "sq") (("" (assert) nil nil)) nil)) nil)) nil)) nil) unchecked ((sq const-decl "nonneg_real" sq "reals/") (zero_times3 formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil)) nil nil nil nil)) (line_recovery_TCC2 0 (line_recovery_TCC2-1 nil 3287939633 3288358740 ("" (skosimp*) (("" (assert) (("" (assert) nil nil)) nil)) nil) unchecked nil 5493 930 t nil)) (line_recovery 0 (line_recovery-1 nil 3287939633 nil ("" (skosimp*) (("" (expand "alpha_calc") (("" (name "TR" "tr!1") (("" (case-replace "s!1 + te!1*ve!1 = sr!1 - (tr!1-te!1)*vr!1") (("1" (hide -1) (("1" (lemma "separation_lem") (("1" (inst -1 "sr!1 - (tr!1 - te!1) * vr!1" "tr!1-te!1+tau(sr!1,vr!1)" "vr!1") (("1" (assert) (("1" (hide 5) (("1" (case-replace "sr!1 - (tr!1 - te!1) * vr!1 + (tau(sr!1, vr!1) - te!1 + tr!1) * vr!1 = sr!1 + tau(sr!1, vr!1) * vr!1") (("1" (hide -1) (("1" (lemma "line_case_correctness") (("1" (inst?) 
(("1" (assert) (("1" (hide 2) (("1" (lemma "tau_is_tangent_pt") (("1" (inst -1 "sr!1" "vr!1") (("1" (assert) (("1" (expand "at") (("1" (hide 2) (("1" (lemma "alpha_calc_lem") (("1" (inst -1 "alpha2!1" "eps!1" "sr!1") (("1" (assert) (("1" (split -1) (("1" (expand "tan_condition?") (("1" (hide-all-but (-1 -9 1 3)) (("1" (mult-by -1 "sq(vr!1`x)") (("1" (grind) nil nil)) nil)) nil)) nil) ("2" (hide-all-but (-5 1)) (("2" (grind) nil nil)) nil) ("3" (propax) nil nil) ("4" (expand "alpha_calc") (("4" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -1 -3 -4 -5 5) (("2" (replace -1) (("2" (hide -1) (("2" (cross-mult -1) (("2" (cross-mult -2) (("2" (expand "+ ") (("2" (expand "-") (("2" (expand "*") (("2" (mult-by -3 "te!1 - tr!1") (("2" (assert) (("2" (replace -1) (("2" (hide -1) (("2" (mult-by -2 "alpha2!1") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((alpha_calc const-decl "real" hd_only nil) (Vect3 type-eq-decl nil Vectors nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (separation_lem formula-decl nil criteria nil) (line_case_correctness formula-decl nil criteria nil) (tau_is_tangent_pt formula-decl nil criteria nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (D const-decl "posreal" criteria 
nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (tan_condition? const-decl "bool" criteria nil) (/= const-decl "boolean" notequal nil) (alpha_calc_lem formula-decl nil hd_only nil) (at const-decl "Vect3" criteria nil) (tau const-decl "real" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (bool nonempty-type-eq-decl nil booleans nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (nonzero_real nonempty-type-eq-decl nil reals nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil)) nil nil nil nil)) (cir_esc_cyl_TCC1 0 (cir_esc_cyl_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (cir_esc_cyl 0 (cir_esc_cyl-1 nil 3287939633 3288358807 ("" (skosimp*) (("" (lemma "quadratic_eq_0") (("" (inst?) 
(("1" (assert) (("1" (flatten) (("1" (hide -1) (("1" (replace -12) (("1" (hide -12) (("1" (case "-2*SSy!1*thp!1*voe!1`y = sq(SSx!1) + sq(SSy!1) + 2*SSx!1*thp!1*voe!1`x +sq(thp!1)*(sq(voe!1`x) + sq(voe!1`y)) - sq(D)") (("1" (hide-all-but (-1 -4 -5 3)) (("1" (move-terms -1 r 5) (("1" (move-terms -1 l 1) (("1" (reveal -13) (("1" (grind) nil nil)) nil)) nil)) nil)) nil) ("2" (hide 4) (("2" (case-replace "sq(voe!1`y) + sq(voe!1`x) = sq(vo!1`x) + sq(vo!1`y) ") (("1" (hide -1) (("1" (move-terms 1 r 3) (("1" (replace -3) (("1" (replace -4) (("1" (replace -8 * rl) (("1" (move-terms 1 l 2) (("1" (replace -3 * rl) (("1" (replace -4 * rl) (("1" (transform-both 1 "sq(%1)") (("1" (hide 2) (("1" (rewrite "sq_times") (("1" (reveal -3) (("1" (isolate -1 l 1) (("1" (replace -1) (("1" (hide -1) (("1" (assert) (("1" (expand "sq" 1 7) (("1" (case-replace "4 * (voe!1`x * voe!1`x * SSx!1 * SSx!1 * thp!1 * thp!1) = 4 * sq(voe!1`x) * sq(SSx!1) * sq(thp!1)") (("1" (isolate 1 r 2) (("1" (move-terms 1 l 3) (("1" (hide -1) (("1" (factor -5 r) (("1" (case-replace "4 * sq(voe!1`x) * sq(SSx!1) * sq(thp!1) + sq(voe!1`x) * sq(-2 * (SSy!1 * thp!1)) = A!1 * sq(voe!1`x)") (("1" (hide -1) (("1" (isolate -1 l 2) (("1" (assert) (("1" (replace -1) (("1" (hide -1 -2 -5) (("1" (case "B!1 = 4 * E!1 * SSx!1 * thp!1") (("1" (replace -1) (("1" (assert) (("1" (hide -1 -4) (("1" (rewrite "sq_times" +) (("1" (case-replace "sq(-2) = 4") (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (replace -1) (("1" (hide -1) (("1" (hide -2) (("1" (assert) (("1" (replace -1) (("1" (hide -1 -2) (("1" (expand "sq") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (replace -1) (("2" (hide -1) (("2" (replace -1) (("2" (hide -1) (("2" (replace -1) (("2" (hide -1) (("2" (replace -1) (("2" (hide -1) (("2" (expand "sq") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) 
nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (hide-all-but (-5 1)) (("2" (replace -1) (("2" (expand "sq") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (expand "sq") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 -4 -5 1)) (("2" (reveal -12) (("2" (name "SD1" "-2 * SSy!1 * thp!1 * voe!1`y") (("2" (name "SD2" "E!1 + 2 * SSx!1 * thp!1 * voe!1`x") (("2" (replace -1) (("2" (replace -2) (("2" (replace -5) (("2" (replace -6) (("2" (assert) (("2" (replace -1) (("2" (replace -2) (("2" (hide -3 -5 -6) (("2" (reveal -10) (("2" (replace -2) (("2" (hide -2) (("2" (replace -2) (("2" (hide -2) (("2" (lemma "sq_eq_abs") (("2" (inst?) (("2" (assert) (("2" (hide -3) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 2) (("2" (hide 2) (("2" (hide-all-but (-12 1)) (("2" (transform-both -1 "sq(%1)") (("1" (hide -2) (("1" (rewrite "sq_sqrt") (("1" (assert) nil nil)) nil)) nil) ("2" (assert) (("2" (assert) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil) unchecked ((real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (/= const-decl "boolean" notequal nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (sq const-decl 
"nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (on_cyl? const-decl "bool" criteria nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (sign const-decl "Sign" sign nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (sq_eq_abs formula-decl nil sq "reals/") (sq_times formula-decl nil sq "reals/") (NOT const-decl "[bool -> bool]" booleans nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (sq_sqrt formula-decl nil sqrt "reals/") (quadratic_eq_0 formula-decl nil quadratic "reals/")) 48576 27930 t nil)) (circle_escape_TCC1 0 (circle_escape_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (circle_escape 0 (circle_escape-1 nil 3287939633 nil ("" (skosimp*) (("" (lemma "circle_correctness") (("" (inst -1 "s!1" "ve!1") (("" (assert) (("" (case "ve!1`z = v!1`z") (("1" (assert) (("1" (expand "at") (("1" (flatten) (("1" (lemma "cir_esc_cyl") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (inst?) 
(("1" (assert) (("1" (expand "exit_point?") (("1" (expand "entry_point?") (("1" (hide -3 -4 -5 -6 -7 -8) (("1" (typepred "eps!1") (("1" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 2) (("2" (assert) (("2" (replace -15) (("2" (replace -14) (("2" (expand "-") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((circle_correctness formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (exit_point? const-decl "bool" criteria nil) (NOT const-decl "[bool -> bool]" booleans nil) (entry_point? 
const-decl "bool" criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (cir_esc_cyl formula-decl nil hd_only nil) (at const-decl "Vect3" criteria nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) nil nil nil nil)) (cir_hd_only_TCC1 0 (cir_hd_only_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (cir_hd_only 0 (cir_hd_only-1 nil 3287939633 nil ("" (skosimp*) (("" (transform-both -2 "sq(%1)") (("1" (hide -3) (("1" (rewrite "sq_sqrt") (("1" (expand "heading_only?") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (assert) nil nil) ("3" (assert) nil nil)) nil)) nil) unchecked ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (Vect3 type-eq-decl nil Vectors nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq_sqrt formula-decl nil sqrt "reals/") (heading_only? 
const-decl "bool" common_defs nil)) nil nil nil nil)) (cir_rec_lem_TCC1 0 (cir_rec_lem_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (cir_rec_lem_TCC2 0 (cir_rec_lem_TCC2-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (cir_rec_lem 0 (cir_rec_lem-1 nil 3287939633 nil ("" (skosimp*) (("" (lemma "quadratic_eq_0") (("" (inst?) (("1" (assert) (("1" (assert) (("1" (replace -7) (("1" (assert) (("1" (hide -6 -7) (("1" (replace -6) (("1" (hide -6) (("1" (expand "+ ") (("1" (expand "*") (("1" (mult-by 3 "sq(tr!1-te!1)") (("1" (assert) (("1" (name "TR_TE" "tr!1-te!1") (("1" (replace -1) (("1" (cross-mult -7) (("1" (cross-mult -8) (("1" (rewrite "sq_times" + :dir rl) (("1" (rewrite "sq_times" + :dir rl) (("1" (replace -7) (("1" (hide -7) (("1" (replace -7) (("1" (hide -7) (("1" (assert) (("1" (replace -1 * rl) (("1" (hide -1) (("1" (assert) (("1" (expand "sq") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (1 3)) (("2" (lemma "sq_eq_0") (("2" (inst?) 
(("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil) unchecked ((quadratic_eq_0 formula-decl nil quadratic "reals/") (* const-decl "Vect3" Vectors nil) (sq_eq_0 formula-decl nil sq "reals/") (sq_times formula-decl nil sq "reals/") (div_cancel4 formula-decl nil extra_real_props "Manip/") (= const-decl "[T, T -> boolean]" equalities nil) (Vect3 type-eq-decl nil Vectors nil) (both_sides_times1 formula-decl nil real_props nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (/= const-decl "boolean" notequal nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil)) nil nil nil nil)) (circle_recovery_TCC1 0 (circle_recovery_TCC1-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (circle_recovery_TCC2 0 (circle_recovery_TCC2-1 nil 3287939633 nil ("" (skosimp*) (("" (assert) nil nil)) nil) unchecked nil nil nil nil nil)) (circle_recovery 0 (circle_recovery-1 nil 3287939633 3288361654 ("" (skosimp*) (("" (lemma "cir_rec_lem") (("" (inst -1 "Ax!1" "Ay!1" "B_x!1" "B_y!1" "s!1" "sr!1" 
"te!1" "tpp!1" "tr!1" "v!1" "ve!1" "vr!1") (("" (assert) (("" (split -1) (("1" (hide -10 -11) (("1" (case-replace "s!1 + te!1*ve!1 = sr!1 - (tr!1-te!1)*vr!1") (("1" (hide -1) (("1" (lemma "separation_lem") (("1" (inst -1 "sr!1 - (tr!1 - te!1) * vr!1" "tpp!1-te!1" "vr!1") (("1" (hide -1) (("1" (lemma "separation_lem") (("1" (inst -1 "sr!1 - (tr!1 - te!1) * vr!1" "tpp!1-te!1" "vr!1") (("1" (assert) (("1" (hide 5) (("1" (case-replace "sr!1 - (tr!1 - te!1) * vr!1 + (tpp!1 - te!1) * vr!1 = sr!1 + (tpp!1 - tr!1)* vr!1") (("1" (hide -1) (("1" (lemma "ccc") (("1" (inst?) (("1" (assert) (("1" (split +) (("1" (hide-all-but (-4 -5 -12 -13 1)) (("1" (expand "theta") (("1" (cross-mult -2) (("1" (grind) nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (hide 2) (("2" (expand "entry_point?") (("2" (case "on_cyl?(sr!1 + (tpp!1 - tr!1) * vr!1)") (("1" (expand "entry?") (("1" (assert) (("1" (hide 2) (("1" (hide-all-but (-5 -6 -14 1)) (("1" (lemma "vertical_entry_exit_condition") (("1" (inst -1 "1" "s!1`z" "v!1`z") (("1" (assert) (("1" (replace -3 * rl) (("1" (hide -3) (("1" (replace -2) (("1" (hide -2) (("1" (replace -2) (("1" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 2 3 4) (("2" (hide-all-but (-1 -4 -10 -11 -12 1)) (("2" (cross-mult -3) (("2" (cross-mult -4) (("2" (move-terms -3 r 2) (("2" (move-terms -4 r 2) (("2" (isolate -3 l 3) (("2" (isolate -4 l 3) (("2" (replace -3) (("2" (replace -4) (("2" (hide -3 -4) (("2" (assert) (("2" (replace -2) (("2" (hide -2) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-4 -10 -11 -12 -13 1)) (("2" (cross-mult -2) (("2" (cross-mult -3) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked 
((cir_rec_lem formula-decl nil hd_only nil) (ccc formula-decl nil criteria nil) (entry_point? const-decl "bool" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (entry? const-decl "bool" criteria nil) (vertical_entry_exit_condition formula-decl nil common_defs nil) (nzreal nonempty-type-eq-decl nil reals nil) (on_cyl? const-decl "bool" criteria nil) (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (sign const-decl "Sign" sign nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (theta const-decl "real" criteria nil) (separation_lem formula-decl nil criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (= const-decl "[T, T -> boolean]" equalities nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans 
nil) (number nonempty-type-decl nil numbers nil)) 219157 24420 t nil)) (in_circle_recovery 0 (in_circle_recovery-1 nil 3287939633 nil ("" (skosimp*) (("" (expand "separation_pos?") (("" (skosimp*) (("" (hide 2) (("" (expand "vert_sep?") (("" (expand "+ ") (("" (expand "*") (("" (replace -2) (("" (case "v!1`z >= 0") (("1" (expand "theta") (("1" (expand "sign") (("1" (assert) (("1" (cross-mult -2) (("1" (mult-by -1 "tt!1" +) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "theta") (("2" (expand "sign") (("2" (assert) (("2" (cross-mult -1) (("2" (mult-by 1 "tt!1" +) (("1" (assert) (("1" (expand "abs") (("1" (ground) nil nil)) nil)) nil) ("2" (case-replace "tt!1 = 0") (("1" (assert) (("1" (expand "abs") (("1" (assert) nil nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((separation_pos? const-decl "bool" hd_only nil) (+ const-decl "Vect3" Vectors nil) (both_sides_times_pos_ge1 formula-decl nil real_props nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (= const-decl "[T, T -> boolean]" equalities nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (theta const-decl "real" criteria nil) (both_sides_times_pos_ge1_imp formula-decl nil extra_real_props "Manip/") (div_cancel4 formula-decl nil extra_real_props "Manip/") (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (H const-decl "posreal" criteria nil) (sign const-decl "Sign" sign nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" 
number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (Vect3 type-eq-decl nil Vectors nil) (* const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil)) nil nil nil nil)) (out_circle_recovery 0 (out_circle_recovery-1 nil 3287939633 nil ("" (skosimp*) (("" (lemma "cir_esc_cyl") (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (inst?) (("" (assert) (("" (replace -12) (("" (hide -3 -4 -5 -6 -7 -8 -10 -11 -12 -13) (("" (lemma "ccc") (("" (inst?) (("" (assert) (("" (split +) (("1" (lemma "reaching_H_theta") (("1" (inst -1 "-1" "s!1`z" "ve!1`z") (("1" (hide -2 -5 -9 4) (("1" (grind :exclude "theta") nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (hide 1) (("2" (expand "exit_point?") (("2" (hide -1 4) (("2" (expand "theta") (("2" (cross-mult -1) (("2" (expand "+ ") (("2" (case "v!1`z > 0") (("1" (expand "sign") (("1" (expand "*") (("1" (hide -8) (("1" (hide -3 -4 -5 -6 -7) (("1" (assert) (("1" (mult-by -2 "v!1`z") (("1" (assert) (("1" (assert) (("1" (mult-by -2 "H") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "sign") (("2" (assert) (("2" (expand "*") (("2" (hide -7) (("2" (mult-by -1 "v!1`z") (("2" (assert) (("2" (assert) (("2" (mult-by 1 "H") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((cir_esc_cyl formula-decl nil hd_only nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (reaching_H_theta formula-decl nil common_defs nil) (H const-decl "posreal" criteria nil) 
(posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (sign const-decl "Sign" sign nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (both_sides_times_pos_gt1 formula-decl nil real_props nil) (both_sides_times_pos_le1_imp formula-decl nil extra_real_props "Manip/") (theta const-decl "real" criteria nil) (exit_point? const-decl "bool" criteria nil) (ccc formula-decl nil criteria nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) nil nil nil nil)))
$$$line_line_hd.pvs
% line_line_hd
%
% Escape and recovery theorems whose conclusions are separation?(...) or
% heading_only?(...), both taken from the imported theories.  Each premise
% is tagged by the author with the role it plays in an implementation:
%   TEST CONDITION          - a check made on the inputs
%   COMPUTED VALUE          - a value the algorithm assigns
%   TEST AFTER COMPUTATION  - a check made on the computed result
% A theorem only covers an implementation that performs every tagged test;
% dropping a test leaves that case outside what is proved here.
%
% Premise order is significant: a guard such as ve`x /= 0 or tr /= te is
% stated before the division that needs it, so the well-definedness
% obligation (TCC) for the division can use the guard as context.
line_line_hd: THEORY
BEGIN

  IMPORTING criteria, common_defs, hd_only

  vo  : VAR Vect3 % Ownship velocity
  voe : VAR Vect3 % Ownship Escape velocity
  vi  : VAR Vect3 % Intruder velocity
  s   : VAR Vect3 % Relative position
  v   : VAR Vect3 % Relative velocity
  ve  : VAR Vect3 % Relative escape velocity
  vr  : VAR Vect3 % Relative recovery velocity
  se  : VAR Vect3 % Relative position at the end of the escape maneuver
                  % (not referenced by any formula in this theory)
  sr  : VAR Vect3 % Relative position at the end of the escape maneuver,
                  % which is also the final position
                  % NOTE(review): same wording as `se`; the theorems below
                  % constrain it with sr = s + tr*v, where tr is the
                  % recovery time - presumably "recovery maneuver" was
                  % meant; confirm.
  tr  : VAR real  % Recovery time
  te  : VAR real  % Escape time
  eps : VAR Sign

  %% SOLUTIONS THAT RESULT IN ve`x = 0

  % Escape with voe`x = vi`x, so the relative escape velocity ve = voe - vi
  % has a zero x component.
  llhd_escape_0: THEOREM %% IF sq(vo`x) + sq(vo`y) >= sq(vi`x)
    ve = voe - vi AND
    sq(vo`x) + sq(vo`y) >= sq(vi`x) AND % TEST CONDITION
    sq(D) = sq(s`x) AND % TEST CONDITION
    voe`x = vi`x AND % COMPUTED VALUE
    voe`y = eps*sqrt(sq(vo`x)+sq(vo`y)-sq(vi`x)) AND % COMPUTED VALUE
    hor_speed_gt_0?(ve) % TEST AFTER COMPUTATION
    IMPLIES
    separation?(s,ve)

  % Note. The proof of llhd_escape_A does not use the premises that define
  % voe`y (i.e. premises 2 and 5). This theorem is true for all voe`y.
  % This particular value is chosen so that we have a maneuver that only changes
  % the heading. The following theorem shows this is true.
  %
  % NOTE(review): no llhd_escape_A is declared in this theory; the note
  % presumably refers to llhd_escape_0 above - confirm and rename.

  % The escape velocity chosen in llhd_escape_0 keeps the vertical component
  % (voe`z = vo`z) and satisfies heading_only?(vo,voe).
  llhd_esc_0_hd_only: THEOREM
    sq(vo`x) + sq(vo`y) >= sq(vi`x) AND % TEST CONDITION
    voe`x = vi`x AND % COMPUTED VALUE
    voe`y = eps*sqrt(sq(vo`x)+sq(vo`y)-sq(vi`x))AND % COMPUTED VALUE
    voe`z = vo`z
    IMPLIES
    heading_only?(vo,voe)

  %% ESCAPE SOLUTIONS THAT RESULT IN ve`x /= 0

  alpha: VAR real

  % ----- defined in hd_only -----
  %
  % alpha_calc(eps: real, s | IF sq(D) = sq(s`x) THEN s`x*s`y /= 0 ELSE
  %            sq(s`x) + sq(s`y) - sq(D) >= 0 ENDIF): real =
  %   IF sq(D) = sq(s`x) THEN (sq(s`y) - sq(D))/(2*s`x*s`y)
  %   ELSE (-s`x*s`y+eps*D*sqrt(sq(s`x)+sq(s`y)-sq(D)))/(sq(D)-sq(s`x))
  %   ENDIF

  % Escape with ve`y = alpha*ve`x, where ve`x is either root (x1 or x2) of
  % the quadratic whose discriminant is tested to be non-negative.
  % Unlike llhd_escape_0, ve is not tied to voe - vi by a premise here.
  %
  % NOTE(review): the proof record that follows this theory in the dump
  % marks llhd_escape-1 as proved-incomplete, while the other entries
  % visible next to it are proved-complete.  The script cites line_escape
  % from hd_only, whose own status is not shown here; re-check the proof
  % chain before relying on this theorem.
  llhd_escape: THEOREM
    sq(s`x) + sq(s`y) > sq(D) AND % TEST CONDITION
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND % TEST CONDITION
    hor_speed_gt_0?(ve) AND % TEST AFTER COMPUTATION
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y), % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    alpha = alpha_calc(eps,s) AND % COMPUTED VALUE
    (ve`x = x1(1+sq(alpha), % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha), 2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x % COMPUTED VALUE
    IMPLIES
    separation?(s,ve)

  % Same computed ve as llhd_escape, here with ve = voe - vi and
  % voe`z = vo`z as premises; the conclusion is heading_only?(vo,voe).
  llhd_esc_hd_only: THEOREM
    sq(s`x) + sq(s`y) > sq(D) AND % TEST CONDITION
    sq(vo`x) + sq(vo`y) /= sq(vi`x)+sq(vi`y) AND % TEST CONDITION
    ve = voe - vi AND
    discr(1 + sq(alpha), 2*(vi`x + alpha * vi`y), % TEST CONDITION
          sq(vi`x) + sq(vi`y) - sq(vo`x) - sq(vo`y)) >= 0 AND
    alpha = alpha_calc(eps,s) AND % COMPUTED VALUE
    (ve`x = x1(1+sq(alpha), % COMPUTED VALUE
               2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y)) OR
     ve`x = x2(1+sq(alpha), 2*(vi`x+alpha*vi`y),
               sq(vi`x)+sq(vi`y)-sq(vo`x)-sq(vo`y))) AND
    ve`y = alpha*ve`x AND % COMPUTED VALUE
    voe`z = vo`z
    IMPLIES
    heading_only?(vo,voe)

  %% RECOVERY SOLUTIONS THAT RESULT IN vr`x = 0

  % Recovery from the position s + te*ve reached after escaping for te.
  %
  % NOTE(review): the premises set vr`x = 0 and vr`y = 0 and also require
  % hor_speed_gt_0?(vr).  hor_speed_gt_0? is defined in criteria and not
  % shown here; if it means a strictly positive horizontal speed, the
  % premises cannot all hold and the theorem is vacuously true, so it would
  % give no assurance for this case - confirm against the definition.
  llhd_recovery_A: THEOREM
    hor_speed_gt_0?(vr) AND % TEST CONDITION AFTER COMPUTATION
    te * ve`y = tr * v`y AND % TEST CONDITION
    ve`x /= 0 AND % TEST CONDITION
    te = tr*v`x/ve`x AND % COMPUTED VALUE
    vr`x = 0 AND % COMPUTED VALUE
    vr`y = 0 AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z % COMPUTED VALUE
    IMPLIES
    separation?(s+te*ve,vr)

  % Recovery with vr`x = 0 when sq(D) = sq(sr`x); vr`y is computed from the
  % escape and original velocities, and tr /= te guards the division.
  llhd_recovery_0: THEOREM %% CASE vr`x = 0 AND sq(D) = sq(sr`x)
    hor_speed_gt_0?(vr) AND % TEST CONDITION AFTER COMPUTATION
    sr = s + tr*v AND
    sq(D) = sq(sr`x) AND % TEST CONDITION
    ve`x /= 0 AND % TEST CONDITION
    tr /= te AND % TEST CONDITION
    te = tr*v`x/ve`x AND % COMPUTED VALUE
    vr`x = 0 AND % COMPUTED VALUE
    vr`y = (tr*v`y - te*ve`y)/(tr-te) AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z % COMPUTED VALUE
    IMPLIES
    separation?(s+te*ve,vr)

  %% RECOVERY SOLUTIONS THAT RESULT IN vr`x /= 0

  alpha2: VAR real

  % ------- replace by alpha_calc_lem -------
  %
  % llhd_rec_C_lem: LEMMA
  %   sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND % TEST CONDITION
  %   sr`y /= 0 AND % TEST CONDITION
  %   alpha2 = alpha_calc(eps,sr) % COMPUTED VALUE
  %   IMPLIES
  %   sq(D)*(1+sq(alpha2)) = sq(sr`x*alpha2 - sr`y)

  % Recovery with vr`y = alpha2*vr`x, where alpha2 = alpha_calc(eps,sr).
  % Both divisions are guarded by earlier premises (tr /= te and
  % ve`y-alpha2*ve`x /= 0).
  llhd_recovery: THEOREM
    sr = s + tr*v AND
    hor_speed_gt_0?(vr) AND % TEST AFTER COMPUTATION
    tr /= te AND % TEST AFTER COMPUTATION
    sq(sr`x) + sq(sr`y) - sq(D) >= 0 AND % TEST CONDITION
    sr`y /= 0 AND % TEST CONDITION
    alpha2 = alpha_calc(eps,sr) AND % COMPUTED VALUE
    ve`y-alpha2*ve`x /= 0 AND % TEST AFTER COMPUTATION
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND % COMPUTED VALUE
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND % COMPUTED VALUE
    vr`y = alpha2*vr`x AND % COMPUTED VALUE
    ve`z = v`z AND % COMPUTED VALUE
    vr`z = v`z % COMPUTED VALUE
    IMPLIES
    separation?(s+te*ve,vr)

  % Escaping with ve for te and then recovering with vr for tr-te reaches
  % the same relative position as keeping the original velocity v for tr.
  % alpha2 is unconstrained here: no premise ties it to alpha_calc.
  llhd_timeliness: THEOREM
    te /= tr AND
    vr`x = (tr*v`x-te*ve`x)/(tr-te) AND
    vr`y = alpha2*vr`x AND
    ve`y-alpha2*ve`x /= 0 AND
    te = tr*(v`y-alpha2*v`x)/(ve`y-alpha2*ve`x) AND
    vr`z = v`z AND
    ve`z = v`z
    IMPLIES
    s + tr * v = s + te*ve + (tr-te)*vr

  % NOTE: Recoveries are not "heading_only", may also involve speed change

END line_line_hd
$$$line_line_hd.prf
(line_line_hd (llhd_escape_0_TCC1 0 (llhd_escape_0_TCC1-1 nil 3288109365 nil ("" (subtype-tcc) nil nil) proved-complete ((sq const-decl "nonneg_real" sq "reals/") nil) nil nil nil nil)) (llhd_escape_0 0 (llhd_escape_0-1 nil 3288109365 nil ("" (skosimp*) (("" (lemma "line_escape_0") (("" (inst?) (("" (assert) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (line_escape_0 formula-decl nil hd_only nil)) nil nil nil nil)) (llhd_esc_0_hd_only_TCC1 0 (llhd_esc_0_hd_only_TCC1-1 nil 3288109365 nil ("" (subtype-tcc) nil nil) proved-complete ((sq const-decl "nonneg_real" sq "reals/")) nil nil nil nil)) (llhd_esc_0_hd_only 0 (llhd_esc_0_hd_only-1 nil 3288109365 nil ("" (skosimp*) (("" (lemma "line_esc_0_hd_only") (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil) proved-complete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (line_esc_0_hd_only formula-decl nil hd_only nil)) nil nil nil nil)) (llhd_escape_TCC1 0 (llhd_escape_TCC1-1 nil 3288109365 nil ("" (skosimp*) (("" (ground) (("" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) nil nil nil nil)) (llhd_escape_TCC2 0 (llhd_escape_TCC2-1 nil 3288109365 nil ("" (subtype-tcc) nil nil) proved-complete ((discr const-decl "real" quadratic "reals/") (hor_speed_gt_0? 
const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil)) nil nil nil nil)) (llhd_escape 0 (llhd_escape-1 nil 3288109365 nil ("" (skosimp*) (("" (lemma "line_escape") (("" (inst?) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-incomplete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (line_escape formula-decl nil hd_only nil)) nil nil nil nil)) (llhd_esc_hd_only_TCC1 0 (llhd_esc_hd_only_TCC1-1 nil 3288109365 nil ("" (skosimp*) (("" (ground) (("" (mult-cases -2) (("1" (expand "sq") (("1" (assert) nil nil)) nil) ("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) nil nil nil nil)) (llhd_esc_hd_only_TCC2 0 (llhd_esc_hd_only_TCC2-1 nil 3288109365 nil ("" (subtype-tcc) nil nil) proved-complete ((discr const-decl "real" quadratic "reals/") nil (sq const-decl "nonneg_real" sq "reals/") (boolean nonempty-type-decl nil booleans nil) (bool 
nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil)) nil nil nil nil)) (llhd_esc_hd_only 0 (llhd_esc_hd_only-1 nil 3288109365 nil ("" (skosimp*) (("" (lemma "quadratic_eq_0") (("" (inst?) (("" (assert) (("" (flatten) (("" (hide -1) (("" (split -1) (("1" (hide -2 -4 -5 -6 -8 1) (("1" (expand "heading_only?") (("1" (case "sq(ve!1`x + vi!1`x) + sq(alpha!1*ve!1`x+vi!1`y) = sq(vo!1`x) + sq(vo!1`y)") (("1" (hide -2) (("1" (replace -3 * rl) (("1" (hide -3) (("1" (replace -2) (("1" (hide -2) (("1" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -3 -4 2) (("2" (hide -2) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, 
numfield -> numfield]" number_fields nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (heading_only? const-decl "bool" common_defs nil) nil (= const-decl "[T, T -> boolean]" equalities nil) (quadratic_eq_0 formula-decl nil quadratic "reals/")) nil nil nil nil)) (llhd_recovery_A 0 (llhd_recovery_A-1 nil 3288109365 nil ("" (skosimp*) (("" (name "SR" "s!1 + tr!1*v!1") (("" (case-replace "s!1 + te!1*ve!1 = SR - (tr!1-te!1)*vr!1") (("1" (hide -1) (("1" (lemma "separation_lem") (("1" (inst -1 "SR - (tr!1 - te!1) * vr!1" "tr!1-te!1+tau(SR,vr!1)" "vr!1") (("1" (assert) (("1" (hide 3) (("1" (case-replace "SR - (tr!1 - te!1) * vr!1 + (tau(SR, vr!1) - te!1 + tr!1) * vr!1 = SR + tau(SR, vr!1) * vr!1") (("1" (hide -1) (("1" (lemma "line_case_correctness") (("1" (inst?) (("1" (assert) (("1" (hide 2) (("1" (lemma "tau_is_tangent_pt") (("1" (inst -1 "SR" "vr!1") (("1" (assert) (("1" (expand "at") (("1" (hide 2) (("1" (expand "tan_condition?") (("1" (replace -5) (("1" (replace -6) (("1" (expand "sq") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -2 3) (("2" (grind) nil nil)) nil)) nil)) nil)) nil) proved-complete (nil (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (separation_lem formula-decl nil criteria nil) (line_case_correctness formula-decl nil criteria nil) (tau_is_tangent_pt formula-decl nil criteria nil) (sq const-decl "nonneg_real" sq "reals/") (tan_condition? 
const-decl "bool" criteria nil) (at const-decl "Vect3" criteria nil) (tau const-decl "real" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (+ const-decl "Vect3" Vectors nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (* const-decl "Vect3" Vectors nil)) nil nil nil nil)) (llhd_recovery_0_TCC1 0 (llhd_recovery_0_TCC1-1 nil 3288109365 nil ("" (subtype-tcc) nil nil) proved-complete ((/= const-decl "boolean" notequal nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil)) nil nil nil nil)) (llhd_recovery_0 0 (llhd_recovery_0-1 nil 3288109365 nil ("" (skosimp*) (("" (lemma "line_recovery_0") (("" (inst?) (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (line_recovery_0 formula-decl nil hd_only nil)) nil nil nil nil)) (llhd_recovery_TCC1 0 (llhd_recovery_TCC1-1 nil 3288109365 nil ("" (skosimp*) (("" (ground) (("" (mult-cases -2) (("" (expand "sq") (("" (assert) nil nil)) nil)) nil)) nil)) nil) proved-complete ((Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (zero_times3 formula-decl nil real_props nil) (sq const-decl "nonneg_real" sq "reals/")) nil nil nil nil)) (llhd_recovery_TCC2 0 (llhd_recovery_TCC2-1 nil 3288109365 nil ("" (subtype-tcc) nil nil) proved-complete ((/= const-decl "boolean" notequal nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil)) nil nil nil nil)) (llhd_recovery 0 (llhd_recovery-1 nil 3288109365 3288109384 ("" (skosimp*) (("" (lemma "line_recovery") (("" (inst?) (("" (inst?) (("" (inst?) 
(("" (assert) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((line_recovery formula-decl nil hd_only nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 18203 2120 t nil)) (llhd_timeliness_TCC1 0 (llhd_timeliness_TCC1-1 nil 3288109365 nil ("" (subtype-tcc) nil nil) proved-complete ((/= const-decl "boolean" notequal nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) nil nil nil nil)) (llhd_timeliness 0 (llhd_timeliness-1 nil 3288109365 nil ("" (skosimp*) (("" (lemma "alpha_timeliness") (("" (inst?) 
(("" (assert) (("" (inst -1 "alpha2!1") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (alpha_timeliness formula-decl nil timeliness nil)) nil nil nil nil)))
$$$heading_only.pvs
% Umbrella theory: it declares nothing of its own and only imports the
% heading-only case theories, their *_comb counterparts and extra_hd.
heading_only: THEORY
BEGIN

  IMPORTING line_line_hd, line_circle_hd, circle_line_hd, circle_circle_hd,
            in_circle_hd, out_circle_hd,
            line_line_hd_comb, line_circle_hd_comb, circle_line_hd_comb,
            circle_circle_hd_comb, in_circle_hd_comb, out_circle_hd_comb,
            extra_hd

END heading_only

$$$gs_only_prop.pvs
% Properties of the ground-speed-only resolution algorithm (gs_only_algo).
% The first group of lemmas characterises each scale factor computed by the
% algorithm; the second group lifts them to solutions built by
% form_gs_solution and ends in the two correctness theorems.
%
% All quantities are PVS reals, so the statements say nothing about a
% floating-point implementation of the same formulas.
%
% NOTE(review): the proof file that follows in this dump records status
% `proved` for the formulas shown there (e.g. line_factor_is_sep,
% escape_is_oncyl), which by itself does not show that every lemma and TCC
% they depend on is also proved. Re-run the proofs and check the proof chain
% before citing the theorems as established.
gs_only_prop: THEORY
BEGIN

  IMPORTING gs_only_algo, gs_only, criteria, common_defs, sign

  % v, se, sr, te, t, a, b and c are declared but not referenced by any
  % formula in this theory.
  s  : VAR Vect3    % Relative position
  vo : VAR Vect3    % Ownship absolute velocity
  vi : VAR Vect3    % Intruder absolute velocity
  v  : VAR Vect3    % Relative velocity
  vv : VAR Vect3    % Relative velocity
  ve : VAR Vect3    % Relative escape velocity
  vr : VAR Vect3    % Relative recovery velocity
  se : VAR Vect3    % Relative position at the end of the escape maneuver
  sr : VAR Vect3    % Relative position at the end of the escape maneuver,
                    % which is also the final position
                    % NOTE(review): probably meant "recovery maneuver"; confirm
  tr : VAR posreal  % Recovery time
  te : VAR real     % Escape time
  t  : VAR real     % time
  k, j : VAR real   % scale factors for escape and recovery ground speed
  ss : VAR real     % generic scale factor
  m  : VAR solution
  a  : VAR real
  b  : VAR real
  c  : VAR real

%
%
% ----------------------------------------------------------------
% Proofs of Algorithm Components
% ----------------------------------------------------------------
%
%

  % In every lemma below the candidate relative velocity scales only the
  % horizontal components of vo by the factor; the z component is vo`z - vi`z.
  % The "OR <factor> = 0" disjunct means a zero factor carries no separation
  % guarantee.

  % Scaling by compute_line_factor gives separation?(s, vv), unless the
  % factor is 0.
  line_factor_is_sep : LEMMA
    ss = compute_line_factor(s, vo, vi, tr) AND
    vv = (# x:= ss*vo`x - vi`x, y:= ss*vo`y - vi`y, z:= vo`z - vi`z #)
    IMPLIES
      separation?(s, vv) OR ss = 0

  % Same statement for compute_line_factor_alt.
  line_factor_is_sep_alt : LEMMA
    ss = compute_line_factor_alt(s, vo, vi, tr) AND
    vv = (# x:= ss*vo`x - vi`x, y:= ss*vo`y - vi`y, z:= vo`z - vi`z #)
    IMPLIES
      separation?(s, vv) OR ss = 0

  % For a nonzero compute_in_circle_factor, the point at(s, ve, theta(-1, ...))
  % satisfies on_cyl?.
  escape_is_oncyl : LEMMA
    k = compute_in_circle_factor(s, vo, vi, tr) AND
    ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) AND
    k /= 0
    IMPLIES
      on_cyl?(at(s, ve, theta(-1,s`z,ve`z)))

  % Same statement for compute_in_circle_factor_alt.
  escape_is_oncyl_alt : LEMMA
    k = compute_in_circle_factor_alt(s, vo, vi, tr) AND
    ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) AND
    k /= 0
    IMPLIES
      on_cyl?(at(s, ve, theta(-1,s`z,ve`z)))

  % Strengthens escape_is_oncyl: that point is an exit_point? for ve, and the
  % vertical component ve`z is nonzero.
  escape_is_exit : LEMMA
    k = compute_in_circle_factor(s, vo, vi, tr) AND
    ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) AND
    k /= 0
    IMPLIES
      exit_point?(at(s, ve, theta(-1,s`z,ve`z)), ve) AND ve`z /= 0

  % Same statement for compute_in_circle_factor_alt.
  escape_is_exit_alt : LEMMA
    k = compute_in_circle_factor_alt(s, vo, vi, tr) AND
    ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) AND
    k /= 0
    IMPLIES
      exit_point?(at(s, ve, theta(-1,s`z,ve`z)), ve) AND ve`z /= 0

  % Either in-circle factor gives separation?(s, ve), unless the factor is 0.
  circle_escape_is_sep : LEMMA
    (k = compute_in_circle_factor(s, vo, vi, tr) OR
     k = compute_in_circle_factor_alt(s, vo, vi, tr)) AND
    ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #)
    IMPLIES
      separation?(s, ve) OR k = 0

  % Recovery counterparts: they start from s+tr*(vo-vi), the relative position
  % after time tr at the original relative velocity, and use theta(1, ...) - tr.
  recovery_is_oncyl : LEMMA
    j = compute_out_circle_factor(s, vo, vi, tr) AND
    vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #) AND
    j /= 0
    IMPLIES
      on_cyl?(at(s+tr*(vo-vi), vr, theta(1,s`z,vr`z) - tr))

  % Same statement for compute_out_circle_factor_alt.
  recovery_is_oncyl_alt : LEMMA
    j = compute_out_circle_factor_alt(s, vo, vi, tr) AND
    vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #) AND
    j /= 0
    IMPLIES
      on_cyl?(at(s+tr*(vo-vi), vr, theta(1,s`z,vr`z) - tr))

  % Strengthens recovery_is_oncyl: that point is an entry_point? for vr, and
  % vr`z is nonzero.
  recovery_is_entry : LEMMA
    j = compute_out_circle_factor(s, vo, vi, tr) AND
    vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #) AND
    j /= 0
    IMPLIES
      entry_point?(at(s+tr*(vo-vi), vr, theta(1,s`z,vr`z) - tr), vr) AND
      vr`z /= 0

  % Same statement for compute_out_circle_factor_alt.
  recovery_is_entry_alt : LEMMA
    j = compute_out_circle_factor_alt(s, vo, vi, tr) AND
    vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #) AND
    j /= 0
    IMPLIES
      entry_point?(at(s+tr*(vo-vi), vr, theta(1,s`z,vr`z) - tr), vr) AND
      vr`z /= 0

  % Either out-circle factor gives separation at the final position, unless
  % the factor is 0.
  circle_recovery_is_sep : LEMMA
    (j = compute_out_circle_factor(s, vo, vi, tr) OR
     j = compute_out_circle_factor_alt(s, vo, vi, tr)) AND
    vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #)
    IMPLIES
      separation?(s + tr * (vo - vi), vr) OR j = 0

  % Escape factor derived from a given recovery factor j.
  in_circle_is_sep : LEMMA
    k = compute_factor_for_in_circle(j, s, vo, vi, tr) AND
    ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #)
    IMPLIES
      separation?(s, ve) OR k = 0

  % Recovery factor derived from a given escape factor k.
  out_circle_is_sep : LEMMA
    j = compute_factor_for_out_circle(k, s, vo, vi, tr) AND
    vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #)
    IMPLIES
      separation?(s + tr * (vo - vi), vr) OR j = 0

  % Summary for the escape side: any of the five ways of computing an escape
  % factor gives separation at s, or the factor is 0.
  sep_summary : LEMMA
    ss = compute_line_factor(s, vo, vi, tr) OR
    ss = compute_line_factor_alt(s, vo, vi, tr) OR
    ss = compute_in_circle_factor(s, vo, vi, tr) OR
    ss = compute_in_circle_factor_alt(s, vo, vi, tr) OR
    ss = compute_factor_for_in_circle(j, s, vo, vi, tr)
    IMPLIES
      (separation?(s, (# x:= ss*vo`x - vi`x, y:= ss*vo`y - vi`y,
                         z:= vo`z - vi`z #)) OR ss = 0)

  % Summary for the recovery side, stated at at(s,vo-vi,tr). The line factors
  % are computed from that position, the out-circle factors from s.
  sep_summary_rec : LEMMA
    ss = compute_line_factor(at(s,vo-vi,tr), vo, vi, tr) OR
    ss = compute_line_factor_alt(at(s,vo-vi,tr), vo, vi, tr) OR
    ss = compute_out_circle_factor(s, vo, vi, tr) OR
    ss = compute_out_circle_factor_alt(s, vo, vi, tr) OR
    ss = compute_factor_for_out_circle(k, s, vo, vi, tr)
    IMPLIES
      (separation?(at(s,vo-vi,tr), (# x:= ss*vo`x - vi`x, y:= ss*vo`y - vi`y,
                                      z:= vo`z - vi`z #)) OR ss = 0)

%
%
% -----------------------------------------------------------
% Proofs of Ground-Speed Only
% -----------------------------------------------------------
%
%

  % If k and j each give separation (or are 0) and m is a member of
  % form_gs_solution(k, j, ...), then m satisfies the full solution contract:
  % separation at both ends, the two legs add up to the original displacement
  % over tr, 0 < m`te < tr, and both velocities are ground_speed_only?.
  % The "= 0" disjuncts are harmless for actual members because
  % form_properties requires k > 0 and j > 0.
  form_algo_correct : LEMMA
    (separation?(s,(# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y,
                      z:= vo`z - vi`z #)) OR k = 0) AND
    (separation?(s + tr * (vo - vi), (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y,
                                        z:= vo`z - vi`z #)) OR j = 0) AND
    member(m, form_gs_solution(k, j, s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + tr * (vo - vi), m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      ground_speed_only?(m`ve+vi, vo, vi) AND
      ground_speed_only?(m`vr+vi, vo, vi)

  % Exact characterisation of membership in form_gs_solution: both factors
  % positive and distinct, and the escape time tr * (1 - j) / (k - j) lies
  % strictly between 0 and tr. j /= k keeps the denominator nonzero.
  form_properties : LEMMA
    member(m, form_gs_solution(k, j, s, vo, vi, tr))
    IFF
      m`ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) AND
      m`vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #) AND
      k > 0 AND j > 0 AND j /= k AND
      m`te = tr * (1 - j) / (k - j) AND
      0 < tr * (1 - j) / (k - j) AND
      tr * (1 - j) / (k - j) < tr

  % Every solution returned by gs_only_algo comes from form_gs_solution with
  % (k, j) drawn from one of the twenty factor pairings listed below.
  constant_combinations : LEMMA
    member(m, gs_only_algo(s, vo, vi, tr))
    IMPLIES
      EXISTS k,j:
        member(m, form_gs_solution(k, j, s, vo, vi, tr)) AND
        ((k = compute_line_factor(s, vo, vi, tr) AND
          j = compute_line_factor(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_line_factor_alt(s, vo, vi, tr) AND
          j = compute_line_factor(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_line_factor(s, vo, vi, tr) AND
          j = compute_line_factor_alt(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_line_factor_alt(s, vo, vi, tr) AND
          j = compute_line_factor_alt(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_line_factor(s, vo, vi, tr) AND
          j = compute_out_circle_factor(s, vo, vi, tr)) OR
         (k = compute_line_factor_alt(s, vo, vi, tr) AND
          j = compute_out_circle_factor(s, vo, vi, tr)) OR
         (k = compute_line_factor(s, vo, vi, tr) AND
          j = compute_out_circle_factor_alt(s, vo, vi, tr)) OR
         (k = compute_line_factor_alt(s, vo, vi, tr) AND
          j = compute_out_circle_factor_alt(s, vo, vi, tr)) OR
         (k = compute_in_circle_factor(s, vo, vi, tr) AND
          j = compute_line_factor(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_in_circle_factor(s, vo, vi, tr) AND
          j = compute_line_factor_alt(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_in_circle_factor_alt(s, vo, vi, tr) AND
          j = compute_line_factor(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_in_circle_factor_alt(s, vo, vi, tr) AND
          j = compute_line_factor_alt(at(s, vo - vi, tr), vo, vi, tr)) OR
         (k = compute_in_circle_factor(s, vo, vi, tr) AND
          j = compute_out_circle_factor(s, vo, vi, tr)) OR
         (k = compute_in_circle_factor_alt(s, vo, vi, tr) AND
          j = compute_out_circle_factor(s, vo, vi, tr)) OR
         (k = compute_in_circle_factor(s, vo, vi, tr) AND
          j = compute_out_circle_factor_alt(s, vo, vi, tr)) OR
         (k = compute_in_circle_factor_alt(s, vo, vi, tr) AND
          j = compute_out_circle_factor_alt(s, vo, vi, tr)) OR
         (k = compute_factor_for_in_circle(j,s, vo, vi, tr) AND
          j = compute_out_circle_factor(s, vo, vi, tr)) OR
         (k = compute_factor_for_in_circle(j,s, vo, vi, tr) AND
          j = compute_out_circle_factor_alt(s, vo, vi, tr)) OR
         (k = compute_in_circle_factor(s, vo, vi, tr) AND
          j = compute_factor_for_out_circle(k,s, vo, vi, tr)) OR
         (k = compute_in_circle_factor_alt(s, vo, vi, tr) AND
          j = compute_factor_for_out_circle(k,s, vo, vi, tr)))

  % Every returned solution has witnesses k, j whose scaled velocities give
  % separation at s and at the final position. No "= 0" disjunct remains here.
  gs_only_makes_sep : LEMMA
    member(m, gs_only_algo(s, vo, vi, tr))
    IMPLIES
      EXISTS k,j:
        member(m, form_gs_solution(k, j, s, vo, vi, tr)) AND
        separation?(s,(# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y,
                         z:= vo`z - vi`z #)) AND
        separation?(s + tr * (vo - vi), (# x:= j*vo`x - vi`x,
                                           y:= j*vo`y - vi`y,
                                           z:= vo`z - vi`z #))

  % Correctness stated with separation? at the start of each leg.
  gs_only_algo_correct_alt : THEOREM
    FORALL m:member(m, gs_only_algo(s, vo, vi, tr))
    IMPLIES
      separation?(s, m`ve) AND
      separation?(s + tr * (vo - vi), m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      ground_speed_only?(m`ve+vi, vo, vi) AND
      ground_speed_only?(m`vr+vi, vo, vi)

  % Correctness stated with pred_sep? over each leg: the escape leg from s for
  % m`te, then the recovery leg from s + m`te * m`ve for tr - m`te.
  % NOTE(review): pred_sep? is defined outside this theory; presumably it is
  % separation over the given time span. Confirm against its definition.
  gs_only_algo_correct : THEOREM
    FORALL m:member(m, gs_only_algo(s, vo, vi, tr))
    IMPLIES
      pred_sep?(s, m`ve, m`te) AND
      pred_sep?(s + m`te * m`ve, m`vr, tr - m`te) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      ground_speed_only?(m`ve+vi, vo, vi) AND
      ground_speed_only?(m`vr+vi, vo, vi)

END gs_only_prop

$$$gs_only_prop.prf
(gs_only_prop (line_factor_is_sep 0 (line_factor_is_sep-1 nil 3287930047 3311528762 ("" (skosimp*) (("" (auto-rewrite "root") (("" (case
"ground_speed_only_absolute?(vv!1, ss!1, vo!1, vi!1)") (("1" (expand "compute_line_factor") (("1" (assert) (("1" (lift-if) (("1" (split) (("1" (flatten) (("1" (lift-if) (("1" (lemma "constant_for_line_alt") (("1" (inst?) (("1" (inst?) (("1" (inst - "s!1") (("1" (lemma "line_correctness") (("1" (inst?) (("1" (inst - "s!1") (("1" (assert) (("1" (hide 2) (("1" (split -2) (("1" (flatten) (("1" (assert) (("1" (split -3) (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) (("2" (lift-if) (("2" (split -3) (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil) ("2" (expand "ground_speed_only_absolute?") (("2" (assert) nil nil)) nil)) nil)) nil)) nil) proved ((compute_line_factor const-decl "nnreal" gs_only_algo nil) (constant_for_line_alt formula-decl nil gs_only nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (- const-decl "[numfield -> numfield]" number_fields nil) (line_correctness formula-decl nil gs_only nil) (root const-decl "real" quadratic "reals/") (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> 
boolean]" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil)) 34111 33570 t nil)) (line_factor_is_sep_alt 0 (line_factor_is_sep_alt-1 nil 3287930047 3311528766 ("" (skosimp*) (("" (expand "compute_line_factor_alt") (("" (assert) (("" (lift-if) (("" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (lemma "line_correctness") (("1" (inst?) (("1" (inst - "ss!1" "vi!1" "vo!1") (("1" (assert) (("1" (hide 3) (("1" (lemma "constant_for_line_alt") (("1" (inst?) (("1" (inst?) (("1" (inst - "s!1") (("1" (assert) (("1" (case "ground_speed_only_absolute?(vv!1, ss!1, vo!1, vi!1)") (("1" (assert) nil nil) ("2" (expand "ground_speed_only_absolute?") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((compute_line_factor_alt const-decl "nnreal" gs_only_algo nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (constant_for_line_alt formula-decl nil gs_only nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (- const-decl "[numfield -> numfield]" number_fields nil) (ground_speed_only_absolute? 
const-decl "bool" common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (line_correctness formula-decl nil gs_only nil)) 4200 4050 nil nil)) (escape_is_oncyl_TCC1 0 (escape_is_oncyl_TCC1-1 nil 3287930047 3311528767 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (compute_in_circle_factor const-decl "nnreal" gs_only_algo nil) (/= const-decl "boolean" notequal nil) (- const-decl "Vect3" Vectors nil)) 559 510 nil nil)) (escape_is_oncyl 0 (escape_is_oncyl-1 nil 3287930047 3311528783 ("" (skosimp*) (("" (case "z(vo!1-vi!1)=ve!1`z") (("1" (expand "compute_in_circle_factor") (("1" (lift-if) (("1" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (lemma "constant_for_circle_alt") (("1" (inst?) (("1" (inst?) 
(("1" (inst - "k!1" "vi!1" "vo!1") (("1" (assert) (("1" (hide 4) (("1" (split -1) (("1" (flatten) (("1" (assert) (("1" (expand "ground_speed_only_absolute?") (("1" (lift-if) (("1" (split -) (("1" (flatten) (("1" (hide -2) (("1" (assert) nil nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) (("2" (assert) (("2" (lift-if) (("2" (split -) (("1" (flatten) (("1" (expand "ground_speed_only_absolute?") (("1" (hide -2) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -2) (("2" (hide -1) (("2" (assert) nil nil)) nil)) nil)) nil) ("2" (hide -2) (("2" (replace -3 1) (("2" (assert) (("2" (expand "-") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil) ("2" (expand "-") (("2" (assert) nil nil)) nil)) nil)) nil) proved ((- const-decl "Vect3" Vectors nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) 
(ground_speed_only_absolute? const-decl "bool" common_defs nil) (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (vi!1 skolem-const-decl "Vect3" gs_only_prop nil) (vo!1 skolem-const-decl "Vect3" gs_only_prop nil) (constant_for_circle_alt formula-decl nil gs_only nil) (compute_in_circle_factor const-decl "nnreal" gs_only_algo nil)) 16230 15760 nil nil)) (escape_is_oncyl_alt_TCC1 0 (escape_is_oncyl_alt_TCC1-1 nil 3287930047 3311528784 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (compute_in_circle_factor_alt const-decl "nnreal" gs_only_algo nil) (/= const-decl "boolean" notequal nil) (- const-decl "Vect3" Vectors nil)) 517 510 nil nil)) (escape_is_oncyl_alt 0 (escape_is_oncyl_alt-1 nil 3287930047 3311528798 ("" (skosimp*) (("" (case "z(vo!1-vi!1)=ve!1`z") (("1" (expand "compute_in_circle_factor_alt") (("1" (lift-if) (("1" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (flatten) (("1" (hide -2) (("1" (lemma "constant_for_circle_alt") (("1" (inst?) 
(("1" (inst?) (("1" (inst - "vi!1" "vo!1") (("1" (assert) (("1" (expand "ground_speed_only_absolute?") (("1" (propax) nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil) ("2" (expand "-") (("2" (assert) nil nil)) nil)) nil)) nil) proved ((- const-decl "Vect3" Vectors nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (ground_speed_only_absolute? 
const-decl "bool" common_defs nil) (constant_for_circle_alt formula-decl nil gs_only nil) (compute_in_circle_factor_alt const-decl "nnreal" gs_only_algo nil)) 14670 14100 nil nil)) (escape_is_exit 0 (escape_is_exit-1 nil 3287930047 3311528806 ("" (skosimp*) (("" (lemma "escape_is_oncyl") (("" (inst?) (("" (inst?) (("" (assert) (("" (expand "exit_point?") (("" (hide -1) (("" (replace -2) (("" (hide -2) (("" (expand "compute_in_circle_factor") (("" (lift-if) (("" (split) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (flatten) (("1" (split -1) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (lift-if) (("1" (split) (("1" (flatten) (("1" (replace -3 :dir rl) (("1" (assert) (("1" (expand "-") (("1" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil) ("2" (assert) (("2" (expand "-") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) (("2" (lift-if) (("2" (split) (("1" (flatten) (("1" (replace -3 :dir rl) (("1" (expand "-") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((escape_is_oncyl formula-decl nil gs_only_prop nil) (exit_point? 
const-decl "bool" criteria nil) (compute_in_circle_factor const-decl "nnreal" gs_only_algo nil) (- const-decl "Vect3" Vectors nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 7058 6810 nil nil)) (escape_is_exit_alt 0 (escape_is_exit_alt-1 nil 3287930047 3311528809 ("" (skosimp*) (("" (lemma "escape_is_oncyl_alt") (("" (inst?) (("" (inst?) (("" (assert) (("" (expand "exit_point?") (("" (hide -1) (("" (replace -2) (("" (hide -2) (("" (expand "compute_in_circle_factor_alt") (("" (lift-if) (("" (split) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (flatten) (("1" (replace -3 :dir rl) (("1" (expand "-") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((escape_is_oncyl_alt formula-decl nil gs_only_prop nil) (exit_point? 
const-decl "bool" criteria nil) (compute_in_circle_factor_alt const-decl "nnreal" gs_only_algo nil) (- const-decl "Vect3" Vectors nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 3235 3080 nil nil)) (circle_escape_is_sep 0 (circle_escape_is_sep-1 nil 3287930047 3311528809 ("" (skosimp*) (("" (lemma "escape_is_exit") (("" (inst?) (("" (inst - "ve!1") (("" (lemma "escape_is_exit_alt") (("" (inst?) (("" (inst - "ve!1") (("" (assert) (("" (lemma "circle_correctness") (("" (inst - "s!1" "ve!1") (("" (assert) (("" (prop) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((escape_is_exit formula-decl nil gs_only_prop nil) (circle_correctness formula-decl nil common_defs nil) (escape_is_exit_alt formula-decl nil gs_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 330 290 nil nil)) (recovery_is_oncyl_TCC1 0 (recovery_is_oncyl_TCC1-1 nil 3287930047 3311528810 ("" (subtype-tcc) 
nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (compute_out_circle_factor const-decl "nnreal" gs_only_algo nil) (/= const-decl "boolean" notequal nil) (- const-decl "Vect3" Vectors nil)) 605 520 nil nil)) (recovery_is_oncyl 0 (recovery_is_oncyl-1 nil 3287930047 3311528863 ("" (skosimp*) (("" (expand "compute_out_circle_factor") (("" (lift-if) (("" (split) (("1" (flatten) (("1" (name "THETA_DEF" "theta(1, s!1`z, (vo!1 - vi!1)`z)") (("1" (replace -1) (("1" (case-replace "theta(1,s!1`z,vr!1`z)=THETA_DEF") (("1" (case "THETA_DEF = theta(1, s!1`z + vo!1`z * tr!1 - vi!1`z * tr!1, vo!1`z - vi!1`z) + tr!1") (("1" (lemma "constant_for_circle_alt") (("1" (inst?) (("1" (inst?) 
(("1" (inst - "j!1" "vi!1" "vo!1") (("1" (assert) (("1" (hide 4) (("1" (split -) (("1" (flatten) (("1" (assert) (("1" (lift-if) (("1" (split -1) (("1" (flatten) (("1" (assert) (("1" (expand "ground_speed_only_absolute?") (("1" (split -) (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) (("2" (expand "ground_speed_only_absolute?") (("2" (lift-if) (("2" (split -2) (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -3) (("2" (lemma "theta_translation") (("2" (inst - "1" "s!1" "tr!1" "vo!1-vi!1") (("2" (assert) (("2" (expand "at") (("2" (expand "+") (("2" (expand "-") (("2" (expand "*") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("3" (hide -3) (("3" (expand "-") (("3" (assert) nil nil)) nil)) nil)) nil) ("2" (hide -2) (("2" (replace -2 1) (("2" (assert) (("2" (expand "-") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("3" (hide -2) (("3" (replace -2 1) (("3" (assert) (("3" (expand "-") (("3" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -1) (("2" (assert) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil) proved ((compute_out_circle_factor const-decl "nnreal" gs_only_algo nil) (- const-decl "Vect3" Vectors nil) (Vect3 type-eq-decl nil Vectors nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) 
(rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (at const-decl "Vect3" criteria nil) (theta_translation formula-decl nil criteria nil) (constant_for_circle_alt formula-decl nil gs_only nil) (D const-decl "posreal" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (ground_speed_only_absolute? const-decl "bool" common_defs nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil)) 53203 51960 nil nil)) (recovery_is_oncyl_alt_TCC1 0 (recovery_is_oncyl_alt_TCC1-1 nil 3287930047 3311528863 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (compute_out_circle_factor_alt const-decl "nnreal" gs_only_algo nil) (/= const-decl "boolean" 
notequal nil) (- const-decl "Vect3" Vectors nil)) 506 510 nil nil)) (recovery_is_oncyl_alt 0 (recovery_is_oncyl_alt-1 nil 3311600125 3311606307 ("" (skosimp*) (("" (expand "compute_out_circle_factor_alt" :assert? none) (("" (assert) (("" (lift-if) (("" (name-replace "VV" "(vo!1 - vi!1)") (("" (split) (("1" (flatten) (("1" (case "vr!1`z=VV`z") (("1" (case "theta(1,s!1`z,VV`z)=theta(1,s!1`z+tr!1*VV`z,VV`z)+tr!1") (("1" (lemma "constant_for_circle_alt") (("1" (inst?) (("1" (inst - "s!1 + tr!1 * VV" "theta(1, s!1`z, VV`z) - tr!1" "_" "vi!1" "vo!1") (("1" (inst - "vr!1") (("1" (assert) (("1" (hide 4) (("1" (split -) (("1" (flatten) (("1" (assert) (("1" (expand "ground_speed_only_absolute?") (("1" (split -) (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (hide -2) (("2" (lemma "theta_translation") (("2" (inst - "1" "s!1" "tr!1" "vo!1-vi!1") (("2" (expand "at") (("2" (expand "+") (("2" (expand "-") (("2" (expand "*") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("3" (hide -2) (("3" (assert) nil nil)) nil)) nil) ("2" (hide -1) (("2" (reveal -2) (("2" (replace -1 * rl) (("2" (expand "-") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((compute_out_circle_factor_alt const-decl "nnreal" gs_only_algo nil) (number nonempty-type-decl nil numbers nil) (theta_translation formula-decl nil criteria nil) (at const-decl "Vect3" criteria nil) (constant_for_circle_alt formula-decl nil gs_only nil) (ground_speed_only_absolute? 
const-decl "bool" common_defs nil) (D const-decl "posreal" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (- const-decl "Vect3" Vectors nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 6181198 67120 nil nil)) (recovery_is_entry 0 (recovery_is_entry-1 nil 3287930047 3311528888 ("" (skosimp*) (("" (lemma "recovery_is_oncyl") (("" (inst?) (("" (inst?) 
(("" (assert) (("" (expand "entry_point?") (("" (hide -1) (("" (replace -2 2) (("" (hide -2) (("" (expand "compute_out_circle_factor") (("" (lift-if) (("" (split) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (assert) (("1" (lift-if) (("1" (split) (("1" (flatten) (("1" (replace -3 -2 :dir rl) (("1" (hide -3 -4 -1) (("1" (expand "-") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (assert) (("2" (lift-if) (("2" (split) (("1" (flatten) (("1" (replace -3 :dir rl) (("1" (hide 1) (("1" (hide -3) (("1" (expand "-") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((recovery_is_oncyl formula-decl nil gs_only_prop nil) (entry_point? const-decl "bool" criteria nil) (compute_out_circle_factor const-decl "nnreal" gs_only_algo nil) (- const-decl "Vect3" Vectors nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 24696 15720 nil nil)) (recovery_is_entry_alt 0 (recovery_is_entry_alt-1 nil 3287930047 3311528894 ("" (skosimp*) (("" (lemma "recovery_is_oncyl_alt") (("" (inst?) (("" (inst?) 
(("" (assert) (("" (expand "entry_point?") (("" (hide -1) (("" (replace -2 2) (("" (hide -2) (("" (expand "compute_out_circle_factor_alt") (("" (lift-if) (("" (split) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (flatten) (("1" (assert) (("1" (split) (("1" (flatten) (("1" (assert) (("1" (replace -3 -2 :dir rl) (("1" (hide -3 -4 -1) (("1" (expand "-") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((recovery_is_oncyl_alt formula-decl nil gs_only_prop nil) (entry_point? const-decl "bool" criteria nil) (compute_out_circle_factor_alt const-decl "nnreal" gs_only_algo nil) (- const-decl "Vect3" Vectors nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 6112 5960 nil nil)) (circle_recovery_is_sep 0 (circle_recovery_is_sep-1 nil 3287930047 3311528895 ("" (skosimp*) (("" (case "z(vo!1-vi!1)=vr!1`z") (("1" (lemma "recovery_is_entry") (("1" (inst?) (("1" (inst - "vr!1") (("1" (lemma "recovery_is_entry_alt") (("1" (inst?) (("1" (inst - "j!1") (("1" (assert) (("1" (lemma "circle_correctness") (("1" (inst?) 
(("1" (assert) (("1" (hide 2) (("1" (lemma "theta_translation") (("1" (inst - "1" "s!1" "tr!1" "vo!1-vi!1") (("1" (expand "at") (("1" (split -5) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil) ("2" (assert) (("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "-") (("2" (assert) nil nil)) nil)) nil)) nil) proved ((- const-decl "Vect3" Vectors nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (recovery_is_entry_alt formula-decl nil gs_only_prop nil) (circle_correctness formula-decl nil common_defs nil) (theta_translation formula-decl nil criteria nil) (at const-decl "Vect3" criteria nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (recovery_is_entry formula-decl nil gs_only_prop nil)) 585 540 nil nil)) (in_circle_is_sep 0 (in_circle_is_sep-1 nil 3287930047 3311528896 ("" (skosimp*) (("" (expand "compute_factor_for_in_circle") (("" 
(lift-if) (("" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (lemma "circle_correctness") (("1" (inst?) (("1" (case "vo!1`z - vi!1`z = ve!1`z") (("1" (replace -1) (("1" (replace -1 :dir rl) (("1" (expand "-") (("1" (assert) (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil) proved ((compute_factor_for_in_circle const-decl "nnreal" gs_only_algo nil) (circle_correctness formula-decl nil common_defs nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (- const-decl "Vect3" Vectors nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 843 800 nil nil)) (out_circle_is_sep 0 (out_circle_is_sep-1 nil 3287930047 3311528898 ("" (skosimp*) (("" (expand "compute_factor_for_out_circle") (("" (lift-if) (("" (split) (("1" (flatten) (("1" (expand "-" 1) (("1" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (lemma "circle_correctness") (("1" (inst?) (("1" (case "vo!1`z - vi!1`z = vr!1`z") (("1" (name "T" "theta(-1, z(s!1 + tr!1 * (vo!1 - vi!1)), vr!1`z)") (("1" (replace -1) (("1" (case "T + tr!1 = theta(-1, s!1`z, (vo!1 - vi!1)`z)") (("1" (replace -1 :dir rl) (("1" (expand "at") (("1" (assert) nil nil)) nil)) nil) ("2" (lemma "theta_translation") (("2" (hide -6) (("2" (inst?) 
(("2" (expand "-" -1) (("2" (assert) (("2" (replace -2 1 :dir rl) (("2" (expand "at") (("2" (assert) (("2" (replace -3) (("2" (expand "-") (("2" (hide 2) (("2" (expand "+") (("2" (expand "*") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("3" (expand "-") (("3" (propax) nil nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil) proved ((compute_factor_for_out_circle const-decl "nnreal" gs_only_algo nil) (- const-decl "Vect3" Vectors nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (+ const-decl "Vect3" Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (* const-decl "Vect3" Vectors nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (theta const-decl "real" criteria nil) (nzreal nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (at const-decl "Vect3" criteria nil) (theta_translation formula-decl nil criteria nil) (- const-decl "[numfield, numfield 
-> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (circle_correctness formula-decl nil common_defs nil)) 2098 1950 nil nil)) (sep_summary 0 (sep_summary-1 nil 3287930047 3311528898 ("" (skosimp*) (("" (lemma "line_factor_is_sep") (("" (inst?) (("" (inst - "(# x := ss!1 * vo!1`x - vi!1`x, y := ss!1 * vo!1`y - vi!1`y, z := vo!1`z - vi!1`z #)") (("" (lemma "line_factor_is_sep_alt") (("" (inst?) (("" (inst - "(# x := ss!1 * vo!1`x - vi!1`x, y := ss!1 * vo!1`y - vi!1`y, z := vo!1`z - vi!1`z #)") (("" (lemma "circle_escape_is_sep") (("" (inst?) (("" (inst - "(# x := ss!1 * vo!1`x - vi!1`x, y := ss!1 * vo!1`y - vi!1`y, z := vo!1`z - vi!1`z #)") (("" (lemma "in_circle_is_sep") (("" (inst?) (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((line_factor_is_sep formula-decl nil gs_only_prop nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (circle_escape_is_sep formula-decl nil gs_only_prop nil) (in_circle_is_sep formula-decl nil gs_only_prop nil) (line_factor_is_sep_alt formula-decl nil gs_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 354 310 t nil)) (sep_summary_rec 0 (sep_summary_rec-1 nil 3287930047 3311528899 ("" (skosimp*) (("" 
(lemma "line_factor_is_sep") (("" (inst - "at(s!1, vo!1-vi!1, tr!1)" "ss!1" "tr!1" "vi!1" "vo!1" "_") (("" (inst?) (("" (lemma "line_factor_is_sep_alt") (("" (inst - "at(s!1, vo!1-vi!1, tr!1)" "ss!1" "tr!1" "vi!1" "vo!1" "_") (("" (inst?) (("" (lemma "circle_recovery_is_sep") (("" (inst?) (("" (inst - "(# x := ss!1 * vo!1`x - vi!1`x, y := ss!1 * vo!1`y - vi!1`y, z := vo!1`z - vi!1`z #)") (("" (lemma "out_circle_is_sep") (("" (inst?) (("" (inst?) (("" (expand "at") (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((line_factor_is_sep formula-decl nil gs_only_prop nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (circle_recovery_is_sep formula-decl nil gs_only_prop nil) (out_circle_is_sep formula-decl nil gs_only_prop nil) (line_factor_is_sep_alt formula-decl nil gs_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (- const-decl "Vect3" Vectors nil) (at const-decl "Vect3" criteria nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 256 260 nil nil)) (form_algo_correct 0 (form_algo_correct-1 nil 3287930047 3311528901 ("" (auto-rewrite "restrict") (("" (skosimp*) (("" (expand "member") (("" (expand "form_gs_solution") (("" (split -3) (("1" (flatten) (("1" (expand "singleton") (("1" (lemma "gs_timeliness") (("1" (inst - "j!1" "k!1" "s!1" "m!1`te" "tr!1" "vo!1 - vi!1" 
"m!1`ve" "vi!1" "vo!1" "m!1`vr") (("1" (expand "at") (("1" (expand "ground_speed_only?") (("1" (expand "ground_speed_only_absolute?") (("1" (assert) (("1" (replace -6) (("1" (assert) (("1" (expand "-") (("1" (expand "+") (("1" (expand "*") (("1" (assert) (("1" (split) (("1" (inst?) nil nil) ("2" (inst + "j!1") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((form_gs_solution const-decl "set[solution]" gs_only_algo nil) (emptyset const-decl "set" sets nil) (gs_timeliness formula-decl nil gs_only nil) (at const-decl "Vect3" criteria nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (restrict const-decl "R" restrict nil) (ground_speed_only? const-decl "bool" common_defs nil) (- const-decl "Vect3" Vectors nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (singleton const-decl "(singleton?)" sets nil) (member const-decl "bool" sets nil)) 1871 1710 t nil)) (form_properties_TCC1 0 (form_properties_TCC1-1 nil 3287930047 3311528901 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) 
(number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil)) 475 420 nil nil)) (form_properties 0 (form_properties-1 nil 3287930047 3311528902 ("" (skosimp*) (("" (split) (("1" (flatten) (("1" (expand "member") (("1" (expand "form_gs_solution") (("1" (expand "restrict") (("1" (assert) (("1" (split) (("1" (flatten) (("1" (expand "singleton") (("1" (replace -5) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "member") (("2" (expand "form_gs_solution") (("2" (expand "restrict") (("2" (assert) (("2" (expand "singleton") (("2" (apply-extensionality 2) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((member const-decl "bool" sets nil) (restrict const-decl "R" restrict nil) (singleton const-decl "(singleton?)" sets nil) (emptyset const-decl "set" sets nil) (form_gs_solution const-decl "set[solution]" gs_only_algo nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (solution type-eq-decl nil common_defs nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields 
nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 754 700 t nil)) (constant_combinations 0 (constant_combinations-1 nil 3287930047 3311528902 ("" (skosimp*) (("" (expand "member") (("" (expand "gs_only_algo") (("" (expand "union") (("" (expand "member") (("" (apply (try (prop) (inst?) (skip))) nil nil)) nil)) nil)) nil)) nil)) nil) proved ((member const-decl "bool" sets nil) (union const-decl "set" sets nil) (compute_factor_for_out_circle const-decl "nnreal" gs_only_algo nil) (compute_factor_for_in_circle const-decl "nnreal" gs_only_algo nil) (compute_out_circle_factor_alt const-decl "nnreal" gs_only_algo nil) (compute_out_circle_factor const-decl "nnreal" gs_only_algo nil) (compute_in_circle_factor_alt const-decl "nnreal" gs_only_algo nil) (compute_in_circle_factor const-decl "nnreal" gs_only_algo nil) (compute_line_factor_alt const-decl "nnreal" gs_only_algo nil) (- const-decl "Vect3" Vectors nil) (at const-decl "Vect3" criteria nil) (compute_line_factor const-decl "nnreal" gs_only_algo nil) (nnreal type-eq-decl nil real_types nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (gs_only_algo const-decl "set[solution]" gs_only_algo nil)) 450 400 nil nil)) (gs_only_makes_sep 0 (gs_only_makes_sep-1 nil 3287930047 3311528906 ("" (skosimp*) (("" (lemma "constant_combinations") (("" (inst?) 
(("" (assert) (("" (skosimp*) (("" (inst + "k!1" "j!1") (("" (lemma "sep_summary") (("" (inst?) (("" (lemma "sep_summary_rec") (("" (inst?) (("" (lemma "form_properties") (("" (inst?) (("" (expand "at") (("" (assert) (("" (flatten) (("" (assert) (("" (apply (try (split -11) (try (flatten) (assert) (skip)) (skip))) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((constant_combinations formula-decl nil gs_only_prop nil) (at const-decl "Vect3" criteria nil) (form_properties formula-decl nil gs_only_prop nil) (sep_summary_rec formula-decl nil gs_only_prop nil) (sep_summary formula-decl nil gs_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 3809 3710 nil nil)) (gs_only_algo_correct_alt 0 (gs_only_algo_correct_alt-1 nil 3287930047 3311528907 ("" (skosimp*) (("" (lemma "gs_only_makes_sep") (("" (inst?) (("" (assert) (("" (skosimp*) (("" (lemma "form_algo_correct") (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((gs_only_makes_sep formula-decl nil gs_only_prop nil) (form_algo_correct formula-decl nil gs_only_prop nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 418 370 nil nil)) (gs_only_algo_correct 0 (gs_only_algo_correct-1 nil 3287930047 3311528907 ("" (skosimp*) (("" (lemma "sep_connection") (("" (inst - "s!1" "m!1`te" "m!1`ve") (("" (lemma "sep_connection") (("" (inst - "s!1+m!1`te*m!1`ve" "tr!1-m!1`te" "m!1`vr") (("" (lemma "gs_only_algo_correct_alt") (("" (inst?) 
(("" (assert) (("" (flatten) (("" (assert) (("" (assert) (("" (hide 2) (("" (replace -3) (("" (lemma "separation_lem") (("" (inst - "s!1 + m!1`te * m!1`ve" "tr!1-m!1`te" "m!1`vr") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((sep_connection formula-decl nil common_defs nil) (gs_only_algo_correct_alt formula-decl nil gs_only_prop nil) (separation_lem formula-decl nil criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (solution type-eq-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 200 200 nil nil)))
$$$line_and_circle_gs_only.pvs
% ----------------------------------------------------------------------------
% Theory line_and_circle_gs_only
%
% Six theorems, one per combination of escape-leg case and recovery-leg case.
% Every theorem assumes RR3D_criteria?(s, v, vo, vi, tr), hor_speed_gt_0?(vo),
% ground_speed_only_absolute? for ve (factor k) and for vr (factor j), and
% time_definition?(v, ve, vr, te, tr).  Every theorem concludes the position
% equality
%     at(s,v,tr) = at(at(s,ve,te), vr, tr - te)
% plus one separation fact for the escape leg and one for the recovery leg.
%
% Only the statements are given here; the proof scripts are in the .prf
% section that follows in the dump.
%
% NOTE(review): tr and te are declared as plain reals in this theory, so a
% theorem constrains their sign or order only where a hypothesis says so
% (in_circle and out_circle bound theta(...) between 0 and tr and set te to it).
% ----------------------------------------------------------------------------
line_and_circle_gs_only: THEORY
BEGIN

  IMPORTING criteria, common_defs, gs_only

  s        : VAR Vect3 % Relative position
  vo       : VAR Vect3 % Ownship absolute velocity
  vi       : VAR Vect3 % Intruder absolute velocity
  v        : VAR Vect3 % Relative velocity
  ve       : VAR Vect3 % Relative escape velocity
  vr       : VAR Vect3 % Relative recovery velocity
  se       : VAR Vect3 % Relative position at the end of the escape maneuver
  sr       : VAR Vect3 % Relative position at the end of the escape maneuver,
                       % which is also the final position
                       % NOTE(review): "final position" suggests the end of the
                       % recovery maneuver was meant here -- confirm.
  tr       : VAR real  % Recovery time
  te       : VAR real  % Escape time
  t        : VAR real  % time
  tau_p    : VAR real  % time of closest approach during escape
  tau_pp   : VAR real  % time of closest approach during recovery
  theta_p  : VAR real  % time to reach top of cylinder
  theta_pp : VAR real  % time to reach top of cylinder
  k, j     : VAR real  % scale factors for escape and recovery ground speed

  % Escape leg: line_case? at s with bounds (0, 0, te).
  % Recovery leg: line_case? at at(s, v, tr) with bounds (te, tr, tr).
  line_line : THEOREM
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    line_case?(s, ve, 0, 0, te) AND
    line_case?(at(s, v, tr), vr, te, tr, tr) AND
    time_definition?(v, ve, vr, te, tr)
    IMPLIES
    separation?(s,ve) AND
    separation?(at(s,v,tr),vr) AND
    at(s,v,tr) = at(at(s,ve,te), vr, tr - te)

  % Escape leg: in_circle_case?.  Recovery leg: line_case?.
  circle_line : THEOREM
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    in_circle_case?(s, ve) AND
    line_case?(at(s, v, tr), vr, te, tr, tr) AND
    time_definition?(v, ve, vr, te, tr)
    IMPLIES
    separation?(s,ve) AND
    separation?(at(s,v,tr),vr) AND
    at(s,v,tr) = at(at(s,ve,te), vr, tr - te)

  % Escape leg: line_case?.  Recovery leg: out_circle_case?.
  line_circle : THEOREM
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    line_case?(s, ve, 0, 0, te) AND
    out_circle_case?(s, v, vr, tr) AND
    time_definition?(v, ve, vr, te, tr)
    IMPLIES
    separation?(s,ve) AND
    separation?(at(s,v,tr),vr) AND
    at(s,v,tr) = at(at(s,ve,te), vr, tr - te)

  % Escape leg: in_circle_case?.  Recovery leg: out_circle_case?.
  circle_circle : THEOREM
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    in_circle_case?(s, ve) AND
    out_circle_case?(s, v, vr, tr) AND
    time_definition?(v, ve, vr, te, tr)
    IMPLIES
    separation?(s,ve) AND
    separation?(at(s,v,tr),vr) AND
    at(s,v,tr) = at(at(s,ve,te), vr, tr - te)

  % Escape time is fixed to theta(1, s`z, v`z), which must lie strictly between
  % 0 and tr.  The recovery-leg conclusion is pred_sep?(at(s,ve,te), vr, tr - te),
  % not the commented-out separation?(at(s,v,tr),vr); pred_sep? takes an extra
  % time argument, so this is presumably a time-bounded claim -- confirm against
  % the criteria theory.
  % NOTE(review): this theorem uses entry_point? with theta(1, ...), whereas
  % in_circle_case? in gs_only uses exit_point? with theta(-1, ...); confirm the
  % naming is intended.
  in_circle : THEOREM
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    v`z /= 0 AND
    0 < theta(1, s`z, v`z) AND
    theta(1, s`z, v`z) < tr AND
    entry_point?(at(s, ve, theta(1, s`z, v`z)), ve) AND
    time_definition?(v, ve, vr, te, tr) AND
    te = theta(1, s`z, v`z)
    IMPLIES
    separation?(s,ve) AND
%   separation?(at(s,v,tr),vr) AND
    pred_sep?(at(s,ve,te), vr, tr - te) AND
    at(s,v,tr) = at(at(s,ve,te), vr, tr - te)

  % Escape time is fixed to theta(-1, s`z, v`z), which must lie strictly between
  % 0 and tr.  This is the only theorem in the theory that takes k /= j as a
  % hypothesis.  The escape-leg conclusion is pred_sep?(s,ve,te), not the
  % commented-out separation?(s,ve).
  out_circle : THEOREM
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    v`z /= 0 AND
    0 < theta(-1, s`z, v`z) AND
    theta(-1, s`z, v`z) < tr AND
    exit_point?(at(s, ve, theta(-1, s`z, v`z)), vr) AND
    time_definition?(v, ve, vr, te, tr) AND
    te = theta(-1, s`z, v`z) AND
    k /= j % must be explicit
    IMPLIES
%   separation?(s,ve) AND
    pred_sep?(s,ve,te) AND
    separation?(at(s,v,tr),vr) AND
    at(s,v,tr) = at(at(s,ve,te), vr, tr - te)

END line_and_circle_gs_only
$$$line_and_circle_gs_only.prf
(|line_and_circle_gs_only| (|line_line| "" (SKOSIMP*) (("" (LEMMA "line_correctness2") (("" (INST - "0" "0" "s!1" "k!1" "te!1" "ve!1" "vi!1" "vo!1") (("" (ASSERT) (("" (LEMMA "line_correctness2") (("" (INST - "tr!1" "te!1" "at(s!1, v!1, tr!1)" "j!1" "tr!1" "vr!1" "vi!1" "vo!1") (("" (ASSERT) (("" (LEMMA "constants_not_equal") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "escape_time_defined") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "gs_timeliness") (("" (INST?) (("" (INST - "j!1" "k!1" "vi!1" "vo!1") (("" (ASSERT) (("" (EXPAND "RR3D_criteria?") (("" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|circle_line| "" (SKOSIMP*) (("" (LEMMA "circle_correctness") (("" (INST - "s!1" "ve!1") (("" (EXPAND "in_circle_case?") (("" (FLATTEN) (("" (ASSERT) (("" (LEMMA "line_correctness2") (("" (INST - "tr!1" "te!1" "at(s!1, v!1, tr!1)" "j!1" "tr!1" "vr!1" "vi!1" "vo!1") (("" (ASSERT) (("" (LEMMA "constants_not_equal") (("" (INST?)
(("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "escape_time_defined") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "gs_timeliness") (("" (INST?) (("" (INST - "j!1" "k!1" "vi!1" "vo!1") (("" (ASSERT) (("" (EXPAND "RR3D_criteria?") (("" (PROPAX) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|line_circle| "" (SKOSIMP*) (("" (LEMMA "line_correctness2") (("" (INST - "0" "0" "s!1" "k!1" "te!1" "ve!1" "vi!1" "vo!1") (("" (ASSERT) (("" (LEMMA "constants_not_equal") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "escape_time_defined") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "gs_timeliness") (("" (INST?) (("" (INST - "j!1" "k!1" "vi!1" "vo!1") (("" (EXPAND "RR3D_criteria?") (("" (FLATTEN) (("" (ASSERT) (("" (LEMMA "circle_correctness") (("" (INST - "at(s!1, v!1, tr!1)" "vr!1") (("" (EXPAND "out_circle_case?") (("" (LEMMA "vert_speeds_equal") (("" (INST?) (("" (INST - "j!1" "s!1" "tr!1" "v!1" "vr!1") (("" (ASSERT) (("" (FLATTEN) (("" (ASSERT) (("" (FLATTEN) (("" (HIDE 1) (("" (LEMMA "theta_translation") (("" (INST - "1" "s!1" "tr!1" "v!1") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|circle_circle| "" (SKOSIMP*) (("" (LEMMA "circle_correctness") (("" (INST?) (("" (ASSERT) (("" (EXPAND "in_circle_case?") (("" (FLATTEN) (("" (ASSERT) (("" (LEMMA "constants_not_equal") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "escape_time_defined") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "gs_timeliness") (("" (INST?) 
(("" (INST - "j!1" "k!1" "vi!1" "vo!1") (("" (EXPAND "RR3D_criteria?") (("" (FLATTEN) (("" (ASSERT) (("" (LEMMA "circle_correctness") (("" (INST - "at(s!1, v!1, tr!1)" "vr!1") (("" (LEMMA "vert_speeds_equal") (("" (INST?) (("" (INST - "j!1" "s!1" "tr!1" "v!1" "vr!1") (("" (ASSERT) (("" (FLATTEN) (("" (ASSERT) (("" (LEMMA "theta_translation") (("" (INST - "1" "s!1" "tr!1" "vr!1") (("" (ASSERT) (("" (EXPAND "out_circle_case?") (("" (FLATTEN) (("" (EXPAND "at") (("" (EXPAND "+ ") (("" (EXPAND "*") (("" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|in_circle| "" (SKOSIMP*) (("" (LEMMA "vert_speeds_equal") (("" (INST?) (("" (INST - "j!1" "k!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "circle_correctness") (("" (INST?) (("" (FLATTEN) (("" (ASSERT) (("" (LEMMA "constants_not_equal") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "escape_time_defined") (("" (INST?) (("" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("" (ASSERT) (("" (LEMMA "gs_timeliness") (("" (INST?) (("" (INST - "j!1" "k!1" "vi!1" "vo!1") (("" (ASSERT) (("" (SPLIT -) (("1" (ASSERT) (("1" (REPLACE -16) (("1" (HIDE -16) (("1" (EXPAND "pred_sep?") (("1" (SKOSIMP*) (("1" (HIDE 3) (("1" (EXPAND "vert_sep?") (("1" (LEMMA "vertical_criterion_sz_vz_ge_0") (("1" (INST - "s!1 + theta(1,s!1`z, vr!1`z) * vr!1" "vr!1") (("1" (EXPAND "vert_sep?") (("1" (EXPAND "at") (("1" (EXPAND "+ ") (("1" (EXPAND "*") (("1" (REPLACE -5) (("1" (HIDE -5) (("1" (REPLACE -5) (("1" (HIDE -5) (("1" (ASSERT) (("1" (SPLIT -) (("1" (INST - "t!1") (("1" (ASSERT) NIL NIL)) NIL) ("2" (LEMMA "reaching_H_theta") (("2" (INST?) (("2" (ASSERT) NIL NIL)) NIL)) NIL) ("3" (HIDE-ALL-BUT (1 3)) (("3" (LEMMA "vertical_entry_exit_condition") (("3" (INST?) 
(("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "RR3D_criteria?") (("2" (FLATTEN) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) (|out_circle| "" (SKOSIMP*) (("" (LEMMA "vert_speeds_equal") (("" (INST?) (("" (INST - "j!1" "k!1" "ve!1" "vr!1") (("" (ASSERT) (("" (CASE "pred_sep?(s!1, ve!1, te!1)") (("1" (ASSERT) (("1" (LEMMA "escape_time_defined") (("1" (INST?) (("1" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("1" (ASSERT) (("1" (LEMMA "gs_timeliness") (("1" (INST?) (("1" (INST - "j!1" "k!1" "vi!1" "vo!1") (("1" (ASSERT) (("1" (SPLIT) (("1" (ASSERT) (("1" (LEMMA "circle_correctness") (("1" (INST - "at(s!1, v!1, tr!1)" "vr!1") (("1" (ASSERT) (("1" (FLATTEN) (("1" (ASSERT) (("1" (FLATTEN) (("1" (REPLACE -1 1) (("1" (LEMMA "theta_translation") (("1" (INST - "-1" "s!1" "tr!1" "vr!1") (("1" (ASSERT) (("1" (EXPAND "at") (("1" (EXPAND "+ ") (("1" (EXPAND "*") (("1" (HIDE 2) (("1" (REPLACE -6) (("1" (REPLACE -16) (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (EXPAND "RR3D_criteria?") (("2" (FLATTEN) NIL NIL)) NIL) ("3" (LEMMA "escape_time_defined") (("3" (INST?) (("3" (INST - "j!1" "k!1" "te!1" "ve!1" "vr!1") (("3" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (HIDE 4) (("2" (EXPAND "pred_sep?") (("2" (SKOSIMP*) (("2" (HIDE 1) (("2" (LEMMA "vertical_criterion_sz_vz_le_0") (("2" (INST - "s!1 + theta(-1, z(s!1), z(v!1))*ve!1" "ve!1") (("2" (EXPAND "vert_sep?") (("2" (EXPAND "+ ") (("2" (EXPAND "*") (("2" (REPLACE -4) (("2" (HIDE -4) (("2" (REPLACE -4) (("2" (HIDE -4) (("2" (LEMMA "reaching_H_theta") (("2" (INST?) (("1" (ASSERT) (("1" (LEMMA "vertical_entry_exit_condition") (("1" (INST?) 
(("1" (ASSERT) (("1" (INST - "t!1 - theta(-1, z(s!1), vr!1`z)") (("1" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL) ("2" (ASSERT) NIL NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL)) NIL))
$$$gs_only.pvs
% ----------------------------------------------------------------------------
% Theory gs_only
%
% Case predicates and lemmas for the "ground speed only" cases: the escape and
% recovery relative velocities ve and vr are tied to vo and vi through
% ground_speed_only_absolute? with scale factors k and j.
%
% Contents, in order:
%   - case predicates (RR3D_criteria?, line_case?, in_circle_case?,
%     out_circle_case?, time_definition?)
%   - auxiliary lemmas that turn a root k of a quadratic (or linear) equation
%     into tan_condition?, on_cyl?, exit_point? or entry_point? facts
%   - relations between k, j, te and tr
%   - line correctness and the position equality (gs_timeliness)
%
% Only the statements are given here; the proof scripts are in the .prf
% section that follows in the dump.
% ----------------------------------------------------------------------------
gs_only: THEORY
BEGIN

  IMPORTING criteria, common_defs

% so : VAR Vect3 % Ownship position
  vo : VAR Vect3 % Ownship velocity
% voe : VAR Vect3 % Ownship Escape velocity
% vor : VAR Vect3 % Ownship Recovery velocity
% si : VAR Vect3 % Intruder position
  vi : VAR Vect3 % Intruder velocity
  s : VAR Vect3 % Relative position
  v : VAR Vect3 % Relative velocity
  ve : VAR Vect3 % Relative escape velocity
  vr : VAR Vect3 % Relative recovery velocity
  se : VAR Vect3 % Relative position at the end of the escape maneuver
  sr : VAR Vect3 % Relative position at the end of the escape maneuver,
                 % which is also the final position
                 % NOTE(review): "final position" suggests the end of the
                 % recovery maneuver was meant here -- confirm.
  sz : VAR real % Relative position in z direction
  vz : VAR nzreal % Relative velocity in z direction
  tr : VAR real % Recovery time
  te : VAR real % Escape time
  t : VAR real % time
  tau : VAR real % time of closest approach
  tau_p : VAR real % time of closest approach during escape
  tau_pp : VAR real % time of closest approach during recovery
  theta : VAR real % time of intersection with top of cylinder
  theta_p : VAR real % time of intersection with top of cylinder (entry)
  theta_pp : VAR real % time of intersection with top of cylinder (exit)
  k, j : VAR real % scale factors for escape and recovery ground speed
  v1, v2 : VAR Vect3 % arbitrary vectors
  lower : VAR real
  upper : VAR real
  scale : VAR real
  a : VAR nonzero_real
  a2 : VAR real
  b,c : VAR real
  d,e : VAR real
  eps : VAR Sign

  % The definitions below are commented out in this theory; the names are
  % still used by the lemmas, so they are presumably supplied by the imported
  % theories -- confirm.
% moving_over_ground?(v): bool = sq_norm2(v) > 0
% on_cyl?(s): bool = sq(s`x) + sq(s`y) = sq(D) % should be in criteria.pvs
% theta(eps,sz,vz):real = (eps * sign(vz)*H - sz) / vz
% ground_speed_only_absolute?(ve, scale, vo, vi): bool =
%   scale > 0
%   AND ve`x = scale * vo`x - vi`x
%   AND ve`y = scale * vo`y - vi`y
%   AND ve`z = vo`z - vi`z

% ----------------- Conditions for ground speed only cases ------------------

  % Holds when pred_sep?(s, v, tr) fails and v is the difference vo - vi.
  RR3D_criteria?(s, v, vo, vi, tr): bool =
    NOT pred_sep?(s, v, tr) AND
    v = vo - vi

  % As written this is hor_speed_gt_0?(v) AND tan_condition?(s, v).  The two
  % bounds on tau(s, v) + b are commented out, so lower, b and upper are
  % accepted but do not constrain the predicate.
  line_case?(s, v, lower, b, upper): bool =
    hor_speed_gt_0?(v)
%   AND lower < tau(s, v) + b
%   AND tau(s, v) + b < upper
    AND tan_condition?(s, v)

  % ve has a nonzero z component and at(s, ve, theta(-1, s`z, ve`z)) is an
  % exit_point? for ve.
  in_circle_case?(s, ve): bool =
    ve`z /= 0 AND
    exit_point?(at(s, ve, theta(-1, s`z, ve`z)), ve)

  % v has a nonzero z component and the point reached from at(s, v, tr) along
  % vr after theta(1, s`z, v`z) - tr is an entry_point? for vr.
  out_circle_case?(s, v, vr, tr): bool =
    v`z /= 0 AND
    entry_point?(at(at(s, v, tr), vr, theta(1, s`z, v`z) - tr), vr)

  % Relates te and tr through the x and y components only; the z components
  % of v, ve and vr do not appear.
  time_definition?(v, ve, vr, te, tr): bool =
    te * (ve`x - vr`x) = tr * (v`x - vr`x) AND
    te * (ve`y - vr`y) = tr * (v`y - vr`y)

% ------------------------ Auxiliary Lemmas -----------------------------

  % If k satisfies 0 = a2*sq(k) + b*k + c for the coefficients given in the
  % hypotheses, then tan_condition?(s, ve) holds.
  constant_for_line: LEMMA
    a2 = (sq(D)*(sq(vo`x)+sq(vo`y))-sq(s`x*vo`y-s`y*vo`x)) AND
    b = 2*(-sq(D)*(vo`x*vi`x+vo`y*vi`y)
        +(s`x*vo`y-s`y*vo`x)*(s`x*vi`y-s`y*vi`x)) AND
    c = sq(D)*(sq(vi`x)+sq(vi`y))-sq(s`x*vi`y-s`y*vi`x) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    0 = a2*sq(k) + b*k + c
    IMPLIES
    tan_condition?(s, ve)

  % Same conclusion with k given explicitly: the linear root -c/b when a2 = 0
  % and b /= 0, or one of x1/x2 when a2 /= 0 and the discriminant is
  % non-negative.  The case a2 = 0 AND b = 0 matches neither disjunct, so the
  % lemma says nothing about it.
  constant_for_line_alt: LEMMA
    a2 = (sq(D)*(sq(vo`x)+sq(vo`y))-sq(s`x*vo`y-s`y*vo`x)) AND
    b = 2*(-sq(D)*(vo`x*vi`x+vo`y*vi`y)
        +(s`x*vo`y-s`y*vo`x)*(s`x*vi`y-s`y*vi`x)) AND
    c = sq(D)*(sq(vi`x)+sq(vi`y))-sq(s`x*vi`y-s`y*vi`x) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ((a2=0 AND b/=0 AND k = -c/b) OR
     (a2/=0 AND discr(a2, b, c) >= 0 AND
      (k = x1(a2, b, c) OR k = x2(a2, b, c))))
    IMPLIES
    tan_condition?(s, ve)

  % A point on the cylinder at time t is an exit_point? when the expression
  % in the third hypothesis is non-negative.
  constant_for_circle_exit: LEMMA
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    on_cyl?(at(s, ve, t)) AND
    (s`x+t*(k*vo`x-vi`x))*(k*vo`x-vi`x) +
    (s`y+t*(k*vo`y-vi`y))*(k*vo`y-vi`y) >= 0
    IMPLIES
    exit_point?(at(s, ve, t), ve)

  % Counterpart of constant_for_circle_exit with the inequality reversed.
  constant_for_circle_entry: LEMMA
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    on_cyl?(at(s, ve, t)) AND
    (s`x+t*(k*vo`x-vi`x))*(k*vo`x-vi`x) +
    (s`y+t*(k*vo`y-vi`y))*(k*vo`y-vi`y) <= 0
    IMPLIES
    entry_point?(at(s, ve, t), ve)

  % If k satisfies 0 = a2*sq(k) + b*k + c for the coefficients given in the
  % hypotheses, then at(s, ve, t) is on the cylinder.
  constant_for_circle: LEMMA
    a2 = sq(t)*(sq(vo`x)+sq(vo`y)) AND
    b = 2*t *(s`x*vo`x - t*vi`x*vo`x + s`y*vo`y - t*vi`y*vo`y) AND
    c = sq(s`x-t*vi`x) + sq(s`y-t*vi`y) - sq(D) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    0 = a2*sq(k) + b*k + c
    IMPLIES
    on_cyl?(at(s, ve, t))

  % Variant for the root x1 only.  The leading coefficient is the variable a,
  % declared nonzero_real, so the first hypothesis can only hold when
  % sq(t)*(sq(vo`x)+sq(vo`y)) is nonzero.
  constant_for_circle2: LEMMA
    a = sq(t)*(sq(vo`x)+sq(vo`y)) AND
    b = 2*t *(s`x*vo`x - t*vi`x*vo`x + s`y*vo`y - t*vi`y*vo`y) AND
    c = sq(s`x-t*vi`x) + sq(s`y-t*vi`y) - sq(D) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    discr(a, b, c) >= 0 AND
    k = x1(a, b, c)
    IMPLIES
    on_cyl?(at(s, ve, t))

  % Same conclusion with k given explicitly (linear root or x1/x2).  As in
  % constant_for_line_alt, a2 = 0 AND b = 0 matches neither disjunct.
  constant_for_circle_alt: LEMMA
    a2 = sq(t)*(sq(vo`x)+sq(vo`y)) AND
    b = 2*t *(s`x*vo`x - t*vi`x*vo`x + s`y*vo`y - t*vi`y*vo`y) AND
    c = sq(s`x-t*vi`x) + sq(s`y-t*vi`y) - sq(D) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ((a2=0 AND b/=0 AND k = -c/b) OR
     (a2/=0 AND discr(a2, b, c) >= 0 AND
      (k = x1(a2, b, c) OR k = x2(a2,b,c))))
    IMPLIES
    on_cyl?(at(s, ve, t))

  % The z components of v, ve and vr are pairwise equal.
  vert_speeds_equal: LEMMA
    RR3D_criteria?(s, v, vo, vi, tr) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi)
    IMPLIES
    v`z = ve`z AND
    v`z = vr`z AND
    ve`z = vr`z

  % Derives k /= j from a separation? fact on either leg.
  constants_not_equal: LEMMA
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    time_definition?(v, ve, vr, te, tr) AND
    (separation?(s,ve) OR separation?(at(s,v,tr),vr))
    IMPLIES
    k /= j

  % Closed form for the escape time.  The hypothesis k /= j is what makes the
  % division by (k - j) in the conclusion well defined.
  escape_time_defined: LEMMA
    RR3D_criteria?(s, v, vo, vi, tr) AND
    hor_speed_gt_0?(vo) AND
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    time_definition?(v, ve, vr, te, tr) AND
    k /= j
    IMPLIES
    te = tr * (1 - j) / (k - j)

  % The two lemmas below are commented out in this theory.
% theta_translation: LEMMA
%   v`z /= 0
%   IMPLIES
%   theta(eps, at(s, v, tr)`z, v`z) = theta(eps, s`z, v`z) - tr

% tau_is_tangent_pt: LEMMA
%   hor_speed_gt_0?(ve) AND
%   tan_condition?(s,ve)
%   IMPLIES
%   tangent_point?(at(s, ve, tau(s,ve)), ve)

% --------------- line and circle cases -----------------------------

  line_correctness: LEMMA
    hor_speed_gt_0?(v) AND
    tan_condition?(s, v) AND
    ground_speed_only_absolute?(v, scale , vo, vi)
    IMPLIES
    separation?(s, v)

  % Same statement phrased through line_case?; lower, b and upper are free
  % here because line_case? does not use them.
  line_correctness2: LEMMA
    line_case?(s, v, lower, b, upper) AND
    ground_speed_only_absolute?(v, scale , vo, vi)
    IMPLIES
    separation?(s, v)

  % Commented out in this theory.
% circle_correctness: LEMMA
%   v`z /= 0 AND
%   (exit_point?(at(s, v, theta(-1, s`z, v`z)), v) OR
%    entry_point?(at(s, v, theta(1, s`z, v`z)), v))
%   IMPLIES
%   separation?(s, v)

% --------------------- time ----------------------------------------

  % Position equality for the two-leg path.  The te hypothesis has the same
  % form as the conclusion of escape_time_defined.
  gs_timeliness : LEMMA
    ground_speed_only_absolute?(ve, k, vo, vi) AND
    ground_speed_only_absolute?(vr, j, vo, vi) AND
    v = vo - vi AND
    k /= j AND
    te = tr * (1 - j) / (k - j)
    IMPLIES
    at(s,v,tr) = at(at(s,ve,te), vr, tr - te)

END gs_only
$$$gs_only.prf
(gs_only (eps_prop 0 (eps_prop-1 nil 3287930046 nil ("" (skosimp*) (("" (typepred "eps!1") (("" (split) (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil) proved-complete ((Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil)) nil nil nil nil)) (sign_prop 0 (sign_prop-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "sign") (("" (expand "abs") (("" (assert) (("" (lift-if) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil))
nil) proved-complete ((sign const-decl "Sign" sign nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil)) nil nil nil nil)) (constant_for_line 0 (constant_for_line-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (expand "tan_condition?") (("" (replace -5) (("" (replace -6) (("" (move-terms 1 r (1 2)) (("" (replace -8 1) (("" (hide -5 -6 -7 -8) (("" (expand "sq") (("" (replace -1) (("" (hide -1) (("" (real-props 1) (("" (replace -1) (("" (hide -1) (("" (real-props 1) (("" (replace -1) (("" (hide -1) (("" (real-props 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((ground_speed_only_absolute? const-decl "bool" common_defs nil) (tan_condition? const-decl "bool" criteria nil) (mult_neg formula-decl nil extra_tegies "Field/") (add_neg formula-decl nil extra_tegies "Field/") (one_times formula-decl nil extra_tegies "Field/") (neg_mult formula-decl nil extra_tegies "Field/") (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (Vect3 type-eq-decl nil Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans 
nil)) nil nil nil nil)) (constant_for_line_alt 0 (constant_for_line_alt-1 nil 3287930046 nil ("" (skosimp*) (("" (split) (("1" (flatten) (("1" (lemma "constant_for_line") (("1" (inst?) (("1" (inst - "a2!1" "c!1" "k!1" "ve!1") (("1" (assert) (("1" (replace -1) (("1" (replace -2) (("1" (real-props 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "quadratic_eq_0") (("2" (inst - "a2!1" "b!1" "c!1" "k!1") (("1" (flatten) (("1" (assert) (("1" (lemma "constant_for_line") (("1" (inst?) (("1" (inst - "a2!1" "b!1" "c!1" "s!1") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) nil nil)) nil)) nil)) nil)) nil) proved-complete ((constant_for_line formula-decl nil gs_only nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (quadratic_eq_0 formula-decl nil quadratic "reals/")) nil nil nil nil)) (constant_for_circle_exit 0 (constant_for_circle_exit-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "exit_point?") (("" (expand "exit?") (("" (expand "on_cyl?") (("" (assert) (("" (expand "ground_speed_only_absolute?") (("" (expand "at") (("" (expand "+ ") (("" (expand "*") (("" (flatten) (("" (replace -2) (("" (hide -2) (("" (replace -2) (("" (hide -2) (("" (hide -2) (("" (hide -2) (("" (real-props 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((exit_point? const-decl "bool" criteria nil) (on_cyl? const-decl "bool" criteria nil) (ground_speed_only_absolute? 
const-decl "bool" common_defs nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (at const-decl "Vect3" criteria nil) (exit? const-decl "bool" criteria nil)) nil nil nil nil)) (constant_for_circle_entry 0 (constant_for_circle_entry-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "entry_point?") (("" (expand "entry?") (("" (expand "on_cyl?") (("" (assert) (("" (expand "ground_speed_only_absolute?") (("" (expand "at") (("" (expand "+ ") (("" (expand "*") (("" (flatten) (("" (replace -2) (("" (hide -2) (("" (replace -2) (("" (hide -2) (("" (hide -2) (("" (hide -2) (("" (real-props 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((entry_point? const-decl "bool" criteria nil) (on_cyl? const-decl "bool" criteria nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (at const-decl "Vect3" criteria nil) (entry? const-decl "bool" criteria nil)) nil nil nil nil)) (constant_for_circle 0 (constant_for_circle-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (expand "on_cyl?") (("" (expand "at") (("" (expand "+ ") (("" (expand "*") (("" (replace -5) (("" (hide -5) (("" (replace -5) (("" (hide -5) (("" (hide -5) (("" (move-terms 1 r 1) (("" (replace -5 1) (("" (hide -5) (("" (replace -1) (("" (hide -1) (("" (expand "sq") (("" (replace -2 1) (("" (hide -2) (("" (real-props 1) (("" (replace -1) (("" (hide -1) (("" (real-props 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((ground_speed_only_absolute? const-decl "bool" common_defs nil) (on_cyl? 
const-decl "bool" criteria nil) (+ const-decl "Vect3" Vectors nil) (neg_mult formula-decl nil extra_tegies "Field/") (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (* const-decl "Vect3" Vectors nil) (at const-decl "Vect3" criteria nil)) nil nil nil nil)) (constant_for_circle2 0 (constant_for_circle2-1 nil 3287930046 nil ("" (skosimp*) (("" (lemma "quadratic_eq_0") (("" (inst?) (("" (assert) (("" (lemma "constant_for_circle") (("" (inst?) 
(("" (inst - "a!1" "b!1" "k!1" "ve!1" "vo!1") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((quadratic_eq_0 formula-decl nil quadratic "reals/") (Vect3 type-eq-decl nil Vectors nil) (constant_for_circle formula-decl nil gs_only nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) nil nil nil nil)) (constant_for_circle_alt 0 (constant_for_circle_alt-1 nil 3287930046 nil ("" (skosimp*) (("" (split -5) (("1" (flatten) (("1" (lemma "constant_for_circle") (("1" (inst?) (("1" (inst?) (("1" (inst - "a2!1" "c!1") (("1" (assert) (("1" (replace -1) (("1" (real-props 1) (("1" (replace -2) (("1" (assert) (("1" (field 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (lemma "quadratic_eq_0") (("2" (inst?) (("1" (assert) (("1" (assert) (("1" (lemma "constant_for_circle") (("1" (inst?) 
(("1" (inst - "a2!1" "b!1" "k!1" "ve!1" "vo!1") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((constant_for_circle formula-decl nil gs_only nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (quadratic_eq_0 formula-decl nil quadratic "reals/") (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil)) nil nil nil nil)) (vert_speeds_equal 0 (vert_speeds_equal-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "RR3D_criteria?") (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (expand "-") (("" (split) (("1" (replace -5 1) (("1" (assert) nil nil)) nil) ("2" (replace -9 1) (("2" (assert) nil nil)) nil) ("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((RR3D_criteria? const-decl "bool" gs_only nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil)) nil nil nil nil)) (constants_not_equal 0 (constants_not_equal-1 nil 3287930046 nil ("" (skosimp*) (("" (lemma "vert_speeds_equal") (("" (inst?) 
(("" (inst - "j!1" "k!1" "ve!1" "vr!1") (("" (assert) (("" (expand "RR3D_criteria?") (("" (expand "time_definition?") (("" (flatten) (("" (expand "pred_sep?") (("" (skosimp*) (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (replace -19) (("" (hide -19) (("" (expand "separation?") (("" (expand "hor_sep?") (("" (expand "vert_sep?") (("" (expand "at") (("" (expand "-") (("" (expand "+ ") (("" (expand "*") (("" (replace -6) (("" (hide -6) (("" (replace -8) (("" (hide -8) (("" (replace -8) (("" (hide -8) (("" (replace -8) (("" (hide -8) (("" (replace -9) (("" (hide -9) (("" (replace -9) (("" (hide -9) (("" (replace -9) (("" (hide -8 -1 -2) (("" (assert) (("" (case "tr!1 = 0") (("1" (replace -1) (("1" (case "t!1 = 0") (("1" (replace -1) (("1" (assert) (("1" (split) (("1" (inst - "0") (("1" (assert) nil nil)) nil) ("2" (inst - "0") (("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil) ("2" (case "0 = tr!1*(1 - j!1)") (("1" (div-by -1 "tr!1") (("1" (assert) (("1" (real-props -1) (("1" (move-terms -1 r 2) (("1" (assert) (("1" (replace -1) (("1" (hide -1) (("1" (split) (("1" (inst - "t!1") (("1" (assert) nil nil)) nil) ("2" (inst - "t!1 - tr!1") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -8 3 4) (("2" (case "vo!1`x /= 0 OR vo!1`y /= 0") (("1" (split) (("1" (factor -7) (("1" (div-by -7 "vo!1`x") (("1" (case-replace "vo!1`x * tr!1 * (1 - j!1) / vo!1`x = tr!1 * (1 - j!1)") (("1" (assert) nil nil) ("2" (field 1) nil nil)) nil)) nil)) nil) ("2" (factor -8) (("2" (div-by -8 "vo!1`y") (("2" (case-replace "vo!1`y * tr!1 * (1 - j!1) / vo!1`y = tr!1 * (1 - j!1)") (("1" (assert) nil nil) ("2" (field 1) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "hor_speed_gt_0?") (("2" (replace -1) (("2" (replace -2) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) 
nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((vert_speeds_equal formula-decl nil gs_only nil) (RR3D_criteria? const-decl "bool" gs_only nil) (hor_sep? const-decl "bool" criteria nil) (at const-decl "Vect3" criteria nil) (+ const-decl "Vect3" Vectors nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (zero_div formula-decl nil extra_tegies "Field/") (times_div_cancel1 formula-decl nil extra_real_props "Manip/") (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (both_sides_div1 formula-decl nil real_props nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (= const-decl "[T, T -> boolean]" equalities nil) (* const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (separation? const-decl "bool" criteria nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil) (pred_sep? const-decl "bool" common_defs nil) (time_definition? 
const-decl "bool" gs_only nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) nil nil nil nil)) (escape_time_defined_TCC1 0 (escape_time_defined_TCC1-1 nil 3287930046 nil ("" (subtype-tcc) nil nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil) (time_definition? const-decl "bool" gs_only nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil) (sq const-decl "nonneg_real" sq "reals/") (hor_speed_gt_0? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (hor_sep? const-decl "bool" criteria nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (RR3D_criteria? 
const-decl "bool" gs_only nil)) nil nil nil nil)) (escape_time_defined 0 (escape_time_defined-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "RR3D_criteria?") (("" (expand "time_definition?") (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (replace -4) (("" (hide -4) (("" (replace -4) (("" (hide -4) (("" (hide -4) (("" (replace -5) (("" (hide -5) (("" (replace -5) (("" (hide -5) (("" (hide -5) (("" (expand "-") (("" (replace -1) (("" (hide -1) (("" (assert) (("" (expand "hor_speed_gt_0?") (("" (expand "sq") (("" (case "vo!1`x = 0 AND vo!1`y = 0") (("1" (flatten) (("1" (replace -1) (("1" (replace -2) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (factor -4) (("2" (factor -5) (("2" (prop) (("1" (case "vo!1`x * te!1 * (k!1 - j!1) = te!1 * (k!1 - j!1) * vo!1`x") (("1" (replace -1) (("1" (hide -1) (("1" (div-by -4 "vo!1`x") (("1" (factor -4) (("1" (div-by -4 "(k!1 - j!1)") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil) ("2" (case "vo!1`y * te!1 * (k!1 - j!1) = te!1 * (k!1 - j!1)*vo!1`y") (("1" (replace -1) (("1" (div-by -6 "vo!1`y") (("1" (factor -6) (("1" (div-by -6 "(k!1 - j!1)") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((RR3D_criteria? const-decl "bool" gs_only nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (times_div_cancel2 formula-decl nil extra_real_props "Manip/") (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (both_sides_div1 formula-decl nil real_props nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (sq const-decl "nonneg_real" sq "reals/") (time_definition? const-decl "bool" gs_only nil)) nil nil nil nil)) (line_correctness 0 (line_correctness-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (case "sq_norm2(v!1) > 0") (("1" (lemma "separation_lem") (("1" (inst - "s!1" "tau(s!1,v!1)" "v!1") (("1" (assert) (("1" (lemma "line_case_correctness") (("1" (inst - "at(s!1, v!1, tau(s!1,v!1))" "v!1") (("1" (expand "at") (("1" (lemma "tau_is_tangent_pt") (("1" (inst?) (("1" (assert) (("1" (expand "at") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (grind) nil nil)) nil)) nil)) nil)) nil) proved-complete ((ground_speed_only_absolute? 
const-decl "bool" common_defs nil) (sq_norm2 const-decl "real" Vectors nil) (Vect3 type-eq-decl nil Vectors nil) (> const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (tau const-decl "real" criteria nil) (line_case_correctness formula-decl nil criteria nil) (tau_is_tangent_pt formula-decl nil criteria nil) (at const-decl "Vect3" criteria nil) (separation_lem formula-decl nil criteria nil) (sq const-decl "nonneg_real" sq "reals/")) nil nil nil nil)) (line_correctness2 0 (line_correctness2-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "line_case?") (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (case "sq_norm2(v!1) > 0") (("1" (lemma "separation_lem") (("1" (inst - "s!1" "tau(s!1,v!1)" "v!1") (("1" (assert) (("1" (lemma "line_case_correctness") (("1" (inst - "at(s!1, v!1, tau(s!1,v!1))" "v!1") (("1" (expand "at") (("1" (lemma "tau_is_tangent_pt") (("1" (inst?) (("1" (assert) (("1" (expand "at") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((line_case? const-decl "bool" gs_only nil) (sq const-decl "nonneg_real" sq "reals/") (separation_lem formula-decl nil criteria nil) (at const-decl "Vect3" criteria nil) (tau_is_tangent_pt formula-decl nil criteria nil) (line_case_correctness formula-decl nil criteria nil) (tau const-decl "real" criteria nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (> const-decl "bool" reals nil) (Vect3 type-eq-decl nil Vectors nil) (sq_norm2 const-decl "real" Vectors nil) (ground_speed_only_absolute? const-decl "bool" common_defs nil)) nil nil nil nil)) (gs_timeliness_TCC1 0 (gs_timeliness_TCC1-1 nil 3287930046 nil ("" (subtype-tcc) nil nil) proved-complete ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (ground_speed_only_absolute? 
const-decl "bool" common_defs nil) (/= const-decl "boolean" notequal nil)) nil nil nil nil)) (gs_timeliness 0 (gs_timeliness-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "at") (("" (replace -3) (("" (hide -3) (("" (replace -3) (("" (hide -3) (("" (expand "ground_speed_only_absolute?") (("" (flatten) (("" (expand "-") (("" (expand "+ ") (("" (expand "*") (("" (replace -2) (("" (hide -2) (("" (replace -2) (("" (hide -2) (("" (replace -2) (("" (hide -2) (("" (replace -3) (("" (hide -3) (("" (replace -3) (("" (hide -3) (("" (replace -3) (("" (hide -3) (("" (hide-all-but (1 2)) (("" (split) (("1" (field 1) nil nil) ("2" (field 1) nil nil) ("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((at const-decl "Vect3" criteria nil) (+ const-decl "Vect3" Vectors nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (both_sides_times1 formula-decl nil real_props nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (* const-decl "Vect3" Vectors nil) (ground_speed_only_absolute? 
const-decl "bool" common_defs nil)) nil nil nil nil)))
$$$gs_only_algo.pvs
% gs_only_algo: definitions of the ground-speed-only algorithm.
%
% Every compute_* function below returns an nnreal scale factor that is
% applied to the horizontal components of the ownship velocity vo (the
% vertical component vo`z - vi`z is never scaled).  The value 0 is used as
% the "no solution" result.  form_gs_solution turns a pair of factors (k, j)
% into at most one solution record, and gs_only_algo unions those sets over
% the candidate pairs.  Because form_gs_solution requires k > 0 AND j > 0,
% a 0 returned by any compute_* function contributes the empty set.
gs_only_algo: THEORY
BEGIN

  IMPORTING gs_only, criteria, common_defs, sign

  s  : VAR Vect3    % Relative position
  vo : VAR Vect3    % Ownship absolute velocity
  vi : VAR Vect3    % Intruder absolute velocity
  v  : VAR Vect3    % Relative velocity
  vv : VAR Vect3    % Relative velocity
  ve : VAR Vect3    % Relative escape velocity
  vr : VAR Vect3    % Relative recovery velocity
  se : VAR Vect3    % Relative position at the end of the escape maneuver
  sr : VAR Vect3    % Relative position at the end of the escape maneuver,
                    % which is also the final position
                    % NOTE(review): same wording as for se; "final position"
                    % suggests the recovery maneuver was meant - confirm
  tr : VAR posreal  % Recovery time
  te : VAR real     % Escape time
  t  : VAR real     % time
  k, j: VAR real    % scale factors for escape and recovery ground speed
  ss : VAR real     % generic scale factor
  m  : VAR solution

  a  : VAR real
  b  : VAR real
  c  : VAR real

%
%
% ----------------------------------------------------------------
%                     Algorithm Components
% ----------------------------------------------------------------
%
%

  % Scale factor ss for a "line" solution, or 0 if there is none.
  %
  % With vv = (ss*vo`x - vi`x, ss*vo`y - vi`y, vo`z - vi`z), expanding the
  % definitions of a, b, c gives
  %   a*ss^2 + b*ss + c
  %     = sq(D)*(sq(vv`x) + sq(vv`y)) - sq(s`x*vv`y - s`y*vv`x)
  % so ss is taken as a root of that expression: x1(a, b, c) when a /= 0 and
  % discr(a, b, c) > 0, or the linear solution -c / b when a = 0 and b /= 0.
  % The comparison with discr is strict, so discr(a, b, c) = 0 yields 0.
  % discr, x1 and x2 come from an imported theory; presumably the
  % discriminant and the two roots of the quadratic - confirm.
  % The result is ss only if ss > 0 and hor_speed_gt_0?(vv) holds.
  % The LET-bound v and the parameter tr are not referenced in the body.
  compute_line_factor(s, vo, vi, tr) : nnreal =
    LET v = vo - vi,
        a = (sq(D)*(sq(vo`x)+sq(vo`y))-sq(s`x*vo`y-s`y*vo`x)),
        b = 2*(-sq(D)*(vo`x*vi`x+vo`y*vi`y)
               +(s`x*vo`y-s`y*vo`x)*(s`x*vi`y-s`y*vi`x)),
        c = sq(D)*(sq(vi`x)+sq(vi`y))-sq(s`x*vi`y-s`y*vi`x) IN
    IF ((a /= 0 AND discr(a, b, c) > 0) OR (a = 0 AND b /= 0)) THEN
      % In the ELSE branch of the inner IF a = 0, so the guard above
      % has established b /= 0 and the division is defined.
      LET ss = IF a /= 0 THEN x1(a, b, c) ELSE -c / b ENDIF,
          vv = (# x:= ss*vo`x - vi`x, y:= ss*vo`y - vi`y, z:= vo`z - vi`z #) IN
      IF ss > 0 AND hor_speed_gt_0?(vv) THEN
        ss
      ELSE
        0 % no line solutions
      ENDIF
    ELSE
      0 % no line solutions
    ENDIF

  % Same coefficients a, b, c as compute_line_factor, but takes the other
  % root x2(a, b, c).  There is no linear (a = 0) case here: when a = 0 the
  % result is 0.
  compute_line_factor_alt(s, vo, vi, tr) : nnreal =
    LET v = vo - vi,
        a = (sq(D)*(sq(vo`x)+sq(vo`y))-sq(s`x*vo`y-s`y*vo`x)),
        b = 2*(-sq(D)*(vo`x*vi`x+vo`y*vi`y)
               +(s`x*vo`y-s`y*vo`x)*(s`x*vi`y-s`y*vi`x)),
        c = sq(D)*(sq(vi`x)+sq(vi`y))-sq(s`x*vi`y-s`y*vi`x) IN
    IF a /= 0 AND discr(a, b, c) > 0 THEN
      LET ss = x2(a, b, c),
          vv = (# x:= ss*vo`x - vi`x, y:= ss*vo`y - vi`y, z:= vo`z - vi`z #) IN
      IF ss > 0 AND hor_speed_gt_0?(vv) THEN
        ss
      ELSE
        0 % no line solutions
      ENDIF
    ELSE
      0 % no line solutions
    ENDIF

  % Scale factor k for an escape velocity ve whose position at time
  % t = theta(-1, s`z, v`z) lies on the horizontal circle of radius D,
  % or 0 if there is none.  Expanding a, b, c gives
  %   a*k^2 + b*k + c = sq(s`x + t*ve`x) + sq(s`y + t*ve`y) - sq(D)
  % with ve = (k*vo`x - vi`x, k*vo`y - vi`y, vo`z - vi`z).
  % theta, at and exit? are defined in imported theories.
  % Requires v`z /= 0; returns k only if k > 0 and exit?(at(s,ve,t), ve).
  % The parameter tr is not referenced in the body.
  compute_in_circle_factor(s, vo, vi, tr) : nnreal =
    LET v = vo - vi IN
    IF v`z /= 0 THEN
      LET t = theta(-1, s`z, v`z),
          a = sq(t)*(sq(vo`x)+sq(vo`y)),
          b = 2*t*(s`x*vo`x - t*vi`x*vo`x + s`y*vo`y - t*vi`y*vo`y),
          c = sq(s`x-t*vi`x) + sq(s`y-t*vi`y) - sq(D) IN
      IF ((a /= 0 AND discr(a, b, c) > 0) OR (a = 0 AND b /= 0)) THEN
        % a = 0 in the inner ELSE branch, so b /= 0 by the guard above.
        LET k = IF a /= 0 THEN x1(a, b, c) ELSE -c / b ENDIF,
            ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) IN
        IF k > 0 AND exit?(at(s,ve,t), ve) THEN
          k
        ELSE
          0 % no circle solutions
        ENDIF
      ELSE
        0 % no circle solutions
      ENDIF
    ELSE
      0 % no circle solutions
    ENDIF

  % Variant of compute_in_circle_factor that takes the root x2(a, b, c) and
  % has no linear (a = 0) case.
  compute_in_circle_factor_alt(s, vo, vi, tr) : nnreal =
    LET v = vo - vi IN
    IF v`z /= 0 THEN
      LET t = theta(-1, s`z, v`z),
          a = sq(t)*(sq(vo`x)+sq(vo`y)),
          b = 2*t*(s`x*vo`x - t*vi`x*vo`x + s`y*vo`y - t*vi`y*vo`y),
          c = sq(s`x-t*vi`x) + sq(s`y-t*vi`y) - sq(D) IN
      IF (a /= 0 AND discr(a, b, c) > 0) THEN
        LET k = x2(a, b, c),
            ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) IN
        IF k > 0 AND exit?(at(s,ve,t), ve) THEN
          k
        ELSE
          0 % no circle solutions
        ENDIF
      ELSE
        0 % no circle solutions
      ENDIF
    ELSE
      0 % no circle solutions
    ENDIF

  % Same construction as compute_in_circle_factor, but measured from the
  % final position sc = s + tr * v with the time offset
  % t = theta(1, s`z, v`z) - tr, and accepted with entry?(at(sc,ve,t), ve)
  % instead of exit?.  The locals are named k and ve, although gs_only_algo
  % passes the result (cr, cra) to form_gs_solution as the recovery factor j.
  compute_out_circle_factor(s, vo, vi, tr) : nnreal =
    LET v = vo - vi IN
    IF v`z /= 0 THEN
      LET sc = s + tr * v,
          t = theta(1, s`z, v`z) - tr,
          a = sq(t)*(sq(vo`x)+sq(vo`y)),
          b = 2*t*(sc`x*vo`x - t*vi`x*vo`x + sc`y*vo`y - t*vi`y*vo`y),
          c = sq(sc`x-t*vi`x) + sq(sc`y-t*vi`y) - sq(D) IN
      IF ((a /= 0 AND discr(a, b, c) > 0) OR (a = 0 AND b /= 0)) THEN
        % a = 0 in the inner ELSE branch, so b /= 0 by the guard above.
        LET k = IF a /= 0 THEN x1(a, b, c) ELSE -c / b ENDIF,
            ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) IN
        IF k > 0 AND entry?(at(sc,ve,t), ve) THEN
          k
        ELSE
          0 % no circle solutions
        ENDIF
      ELSE
        0 % no circle solutions
      ENDIF
    ELSE
      0 % no circle solutions
    ENDIF

  % Variant of compute_out_circle_factor that takes the root x2(a, b, c) and
  % has no linear (a = 0) case.
  compute_out_circle_factor_alt(s, vo, vi, tr) : nnreal =
    LET v = vo - vi IN
    IF v`z /= 0 THEN
      LET sc = s + tr * v,
          t = theta(1, s`z, v`z) - tr,
          a = sq(t)*(sq(vo`x)+sq(vo`y)),
          b = 2*t*(sc`x*vo`x - t*vi`x*vo`x + sc`y*vo`y - t*vi`y*vo`y),
          c = sq(sc`x-t*vi`x) + sq(sc`y-t*vi`y) - sq(D) IN
      IF a /= 0 AND discr(a, b, c) > 0 THEN
        LET k = x2(a, b, c),
            ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) IN
        IF k > 0 AND entry?(at(sc,ve,t), ve) THEN
          k
        ELSE
          0 % no circle solutions
        ENDIF
      ELSE
        0 % no circle solutions
      ENDIF
    ELSE
      0 % no circle solutions
    ENDIF

  % Given a recovery factor j, derive the escape factor k for the switch
  % time t = theta(1, s`z, v`z).  By algebra, k = (j*(t - tr) + tr) / t is
  % the value satisfying t*k + (tr - t)*j = tr, i.e. the value for which the
  % te computed by form_gs_solution, tr*(1 - j)/(k - j), equals t (j /= 1).
  % Requires v`z /= 0, j > 0 and 0 < t (which also makes the division by t
  % defined); returns k only if k > 0 and entry_point?(at(s, ve, t), ve).
  compute_factor_for_in_circle(j, s, vo, vi, tr) : nnreal =
    LET v = vo - vi IN
    IF v`z /= 0 AND j > 0 THEN
      LET t = theta(1, s`z, v`z) IN
      IF 0 < t THEN
        LET k = (j * (t - tr) + tr) / t,
            ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #) IN
        IF k > 0 AND entry_point?(at(s, ve, t), ve) THEN
          k
        ELSE
          0 % no in_circle solutions
        ENDIF
      ELSE
        0 % no in_circle solutions
      ENDIF
    ELSE
      0 % no in_circle solutions
    ENDIF

  % Given an escape factor k, derive the recovery factor j for the switch
  % time t = theta(-1, s`z, v`z).  By algebra, j = (k*t - tr) / (t - tr)
  % satisfies the same relation t*k + (tr - t)*j = tr.
  % Requires v`z /= 0, k > 0 and t < tr (so t - tr /= 0); returns j only if
  % j > 0 and exit_point?(at(at(s, v, tr), vr, t - tr), vr).
  compute_factor_for_out_circle(k, s, vo, vi, tr) : nnreal =
    LET v = vo - vi IN
    IF v`z /= 0 AND k > 0 THEN
      LET t = theta(-1, s`z, v`z) IN
      IF t < tr THEN
        LET j = (k * t - tr) / (t - tr),
            vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #) IN
        IF j > 0 AND exit_point?(at(at(s, v, tr), vr, t - tr), vr) THEN
          j
        ELSE
          0 % no out_circle solutions
        ENDIF
      ELSE
        0 % no out_circle solutions
      ENDIF
    ELSE
      0 % no out_circle solutions
    ENDIF

%
%
% ----------------------------------------------------------------
%                 The Ground-Speed Only Algorithm
% ----------------------------------------------------------------
%
%

  % Build the solution for escape factor k and recovery factor j.
  % Returns a singleton holding ve, vr and te = tr * (1 - j) / (k - j) when
  % k > 0, j > 0, j /= k and 0 < te < tr; otherwise the empty set.
  % The k > 0 AND j > 0 test is what discards the 0 "no solution" value of
  % the compute_* functions, and j /= k keeps the division defined.
  % By algebra, te satisfies te*k + (tr - te)*j = tr.
  % The parameter s is not referenced in the body.
  form_gs_solution(k, j, s, vo, vi, tr) : set[solution] =
    LET ve = (# x:= k*vo`x - vi`x, y:= k*vo`y - vi`y, z:= vo`z - vi`z #),
        vr = (# x:= j*vo`x - vi`x, y:= j*vo`y - vi`y, z:= vo`z - vi`z #) IN
    IF k > 0 AND j > 0 AND j /= k AND
       0 < tr * (1 - j) / (k - j) AND tr * (1 - j) / (k - j) < tr THEN
      singleton((# ve:= ve, vr:= vr, te:= tr * (1 - j) / (k - j) #))
    ELSE
      emptyset
    ENDIF

  % Union of form_gs_solution over twenty (escape, recovery) factor pairs.
  %   le, lea : line factors computed at s
  %   lr, lra : line factors computed at at(s, vo - vi, tr)
  %   ce, cea : compute_in_circle_factor / _alt
  %   cr, cra : compute_out_circle_factor / _alt
  %   ec, eca : escape factors derived from cr / cra
  %   rc, rca : recovery factors derived from ce / cea
  % The first sixteen pairs are every combination of {le, lea, ce, cea} as
  % escape factor with {lr, lra, cr, cra} as recovery factor; the last four
  % pair each derived factor with the factor it was derived from.
  % The result may be the empty set.
  gs_only_algo(s, vo, vi, tr) : set[solution] =
    LET le  = compute_line_factor(s, vo, vi, tr),
        lea = compute_line_factor_alt(s, vo, vi, tr),
        lr  = compute_line_factor(at(s, vo - vi, tr), vo, vi, tr),
        lra = compute_line_factor_alt(at(s, vo - vi, tr), vo, vi, tr),
        ce  = compute_in_circle_factor(s, vo, vi, tr),
        cea = compute_in_circle_factor_alt(s, vo, vi, tr),
        cr  = compute_out_circle_factor(s, vo, vi, tr),
        cra = compute_out_circle_factor_alt(s, vo, vi, tr),
        ec  = compute_factor_for_in_circle(cr, s, vo, vi, tr),
        eca = compute_factor_for_in_circle(cra, s, vo, vi, tr),
        rc  = compute_factor_for_out_circle(ce, s, vo, vi, tr),
        rca = compute_factor_for_out_circle(cea, s, vo, vi, tr) IN
    union( form_gs_solution(le, lr, s, vo, vi, tr),
    union( form_gs_solution(lea, lr, s, vo, vi, tr),
    union( form_gs_solution(le, lra, s, vo, vi, tr),
    union( form_gs_solution(lea, lra, s, vo, vi, tr),
    union( form_gs_solution(ce, lr, s, vo, vi, tr),
    union( form_gs_solution(cea, lr, s, vo, vi, tr),
    union( form_gs_solution(ce, lra, s, vo, vi, tr),
    union( form_gs_solution(cea, lra, s, vo, vi, tr),
    union( form_gs_solution(le, cr, s, vo, vi, tr),
    union( form_gs_solution(lea, cr, s, vo, vi, tr),
    union( form_gs_solution(le, cra, s, vo, vi, tr),
    union( form_gs_solution(lea, cra, s, vo, vi, tr),
    union( form_gs_solution(ce, cr, s, vo, vi, tr),
    union( form_gs_solution(cea, cr, s, vo, vi, tr),
    union( form_gs_solution(ce, cra, s, vo, vi, tr),
    union( form_gs_solution(cea, cra, s, vo, vi, tr),
    union( form_gs_solution(ec, cr, s, vo, vi, tr),
    union( form_gs_solution(eca, cra, s, vo, vi, tr),
    union( form_gs_solution(ce, rc, s, vo, vi, tr),
           form_gs_solution(cea, rca, s, vo, vi, tr))))))))))))))))))))

END gs_only_algo

$$$gs_only_algo.prf
(gs_only_algo (compute_line_factor_TCC1 0 (compute_line_factor_TCC1-1 nil 3287930047 3310915814 ("" (skosimp*) (("" (split -5) (("1" (flatten) (("1" (assert) nil nil)) nil) ("2" (flatten) nil nil)) nil)) nil) proved nil 1030 870 nil nil)) (compute_line_factor_TCC2 0 (compute_line_factor_TCC2-1 nil 3287930047 3310915814 ("" (skosimp*) (("" (split -5) (("1" (flatten) nil nil) ("2" (flatten) nil nil)) nil)) nil) proved nil 26 20 nil nil)) (compute_line_factor_TCC3 0 (compute_line_factor_TCC3-1 nil 3287930047 3310915815 ("" (skosimp*) (("" (assert) 
(("" (lift-if) (("" (assert) (("" (lift-if) (("" (assert) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved nil 1205 980 nil nil)) (compute_line_factor_TCC4 0 (compute_line_factor_TCC4-1 nil 3288109466 3310915824 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (lift-if) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil) proved nil 8221 7700 t shostak)) (compute_line_factor_alt_TCC1 0 (compute_line_factor_alt_TCC1-1 nil 3287930047 3310915825 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 1090 870 nil nil)) (compute_line_factor_alt_TCC2 0 (compute_line_factor_alt_TCC2-1 nil 3287930047 3310915826 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil) proved nil 1181 1040 nil nil)) (compute_line_factor_alt_TCC3 0 (compute_line_factor_alt_TCC3-1 nil 3288109636 3310915828 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil) proved nil 2304 2120 t shostak)) (compute_in_circle_factor_TCC1 0 (compute_in_circle_factor_TCC1-1 nil 3287930047 3310915829 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 819 690 nil nil)) (compute_in_circle_factor_TCC2 0 (compute_in_circle_factor_TCC2-1 nil 3287930047 3310915830 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 741 650 nil nil)) (compute_in_circle_factor_TCC3 0 (compute_in_circle_factor_TCC3-1 nil 3287930047 3310915831 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (assert) (("" (lift-if) (("" (assert) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved nil 906 760 nil nil)) (compute_in_circle_factor_TCC4 0 (compute_in_circle_factor_TCC4-1 nil 3288109676 3310915839 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (lift-if) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil) proved nil 7837 7150 t shostak)) (compute_in_circle_factor_alt_TCC1 0 (compute_in_circle_factor_alt_TCC1-1 nil 3287930047 3310915839 ("" (skosimp*) (("" (assert) nil nil)) 
nil) proved nil 760 660 nil nil)) (compute_in_circle_factor_alt_TCC2 0 (compute_in_circle_factor_alt_TCC2-1 nil 3287930047 3310915840 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil) proved nil 901 760 nil nil)) (compute_in_circle_factor_alt_TCC3 0 (compute_in_circle_factor_alt_TCC3-1 nil 3288109716 3310915842 ("" (assert) (("" (skosimp*) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil) proved nil 2142 1900 t shostak)) (compute_out_circle_factor_TCC1 0 (compute_out_circle_factor_TCC1-1 nil 3287930047 3310915843 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 900 800 nil nil)) (compute_out_circle_factor_TCC2 0 (compute_out_circle_factor_TCC2-1 nil 3287930047 3310915844 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 876 730 nil nil)) (compute_out_circle_factor_TCC3 0 (compute_out_circle_factor_TCC3-1 nil 3287930047 3310915845 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (assert) (("" (lift-if) (("" (assert) (("" (lift-if) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved nil 1061 910 nil nil)) (compute_out_circle_factor_TCC4 0 (compute_out_circle_factor_TCC4-1 nil 3288109777 3310915873 ("" (assert) (("" (skosimp*) (("" (assert) (("" (lift-if) (("" (lift-if) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved nil 27361 25640 t shostak)) (compute_out_circle_factor_alt_TCC1 0 (compute_out_circle_factor_alt_TCC1-1 nil 3287930047 3310915874 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 862 720 nil nil)) (compute_out_circle_factor_alt_TCC2 0 (compute_out_circle_factor_alt_TCC2-1 nil 3287930047 3310921731 ("" (assert) (("" (skosimp*) (("" (prop) (("1" (assert) nil nil) ("2" (assert) nil nil) ("3" (assert) nil nil)) nil)) nil)) nil) proved nil 35585 5980 t nil)) (compute_out_circle_factor_alt_TCC3 0 (compute_out_circle_factor_alt_TCC3-1 nil 3288109829 3310915880 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (ground) nil nil)) nil)) 
nil)) nil) proved nil 4180 3790 t shostak)) (compute_factor_for_in_circle_TCC1 0 (compute_factor_for_in_circle_TCC1-1 nil 3287930047 3310915880 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 72 30 nil nil)) (compute_factor_for_in_circle_TCC2 0 (compute_factor_for_in_circle_TCC2-1 nil 3287930047 3310915880 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil) proved nil 353 280 nil nil)) (compute_factor_for_in_circle_TCC3 0 (compute_factor_for_in_circle_TCC3-1 nil 3288109844 3310915881 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil) proved nil 535 500 t shostak)) (compute_factor_for_out_circle_TCC1 0 (compute_factor_for_out_circle_TCC1-1 nil 3287930047 3310915881 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 174 100 nil nil)) (compute_factor_for_out_circle_TCC2 0 (compute_factor_for_out_circle_TCC2-1 nil 3287930047 3310915881 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (assert) nil nil)) nil)) nil)) nil) proved nil 274 220 nil nil)) (compute_factor_for_out_circle_TCC3 0 (compute_factor_for_out_circle_TCC3-1 nil 3288109855 3310915882 ("" (skosimp*) (("" (assert) (("" (lift-if) (("" (ground) nil nil)) nil)) nil)) nil) proved nil 398 350 t shostak)) (form_gs_solution_TCC1 0 (form_gs_solution_TCC1-1 nil 3287930047 3310915882 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 243 180 nil nil)) (form_gs_solution_TCC2 0 (form_gs_solution_TCC2-1 nil 3288109864 3310915882 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 414 320 t shostak)) (form_gs_solution_TCC3 0 (form_gs_solution_TCC3-1 nil 3288109883 3310915883 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 363 310 t shostak)))
$$$ground_speed_only.pvs
% ground_speed_only: declares nothing of its own; it only imports the
% ground-speed-only theories.  gs_only_algo appears twice in the list.
ground_speed_only: THEORY
BEGIN

  IMPORTING gs_only_algo,
            line_and_circle_gs_only,
            gs_only,
            gs_only_algo,
            gs_only_prop

END ground_speed_only

$$$vert_only_prop.pvs
% vert_only_prop: properties of the vertical-speed-only algorithm.
%
% Every formula below has the shape "member(m, <set>) IMPLIES <property>":
% it constrains each solution m that the named function returns and says
% nothing about whether the returned set is non-empty.
vert_only_prop: THEORY
BEGIN

  IMPORTING vert_only_algo,
            in_circle_vert, out_circle_vert, one_circle_vert,
            criteria, common_defs, sign

  s   : VAR Vect3    % Relative position
  vo  : VAR Vect3    % Ownship absolute velocity
  vi  : VAR Vect3    % Intruder absolute velocity
  v   : VAR Vect3    % Relative velocity
  vv  : VAR Vect3    % Relative velocity
  ve  : VAR Vect3    % Relative escape velocity
  vr  : VAR Vect3    % Relative recovery velocity
  tr  : VAR posreal  % Recovery time
  te  : VAR real     % Escape time
  t   : VAR real     % time
  vez : VAR real     % escape velocity in vert axis
  vrz : VAR real     % recovery velocity in vert axis
  eps : VAR Sign
  m   : VAR solution

%
%
% ----------------------------------------------------------------
%                  Proofs of Algorithm Components
% ----------------------------------------------------------------
%
%

  % Any m built by form_vert_only(v, vez, vrz, tr) has escape and recovery
  % velocities related to v and to each other by vertical_change?, has
  % vertical components exactly vez and vrz, and reaches the same position
  % at time tr as flying v for tr: te at m`ve followed by tr - te at m`vr.
  form_vert_only : LEMMA
    member(m, form_vert_only(v, vez, vrz, tr)) IMPLIES
      vertical_change?(v, m`ve) AND
      vertical_change?(v, m`vr) AND
      vertical_change?(m`ve, m`vr) AND
      s+tr*v = s+m`te*m`ve+(tr-m`te)*m`vr AND
      m`ve`z = vez AND
      m`vr`z = vrz

  % The escape time of any vert_in_circle solution is THETA(s, v, -1).
  in_circle_te_def : LEMMA
    member(m, vert_in_circle(s, v, tr)) IMPLIES
      m`te = THETA(s, v, -1)

  % The escape time of any vert_out_circle solution is THETA(s, v, 1).
  out_circle_te_def : LEMMA
    member(m, vert_out_circle(s, v, tr)) IMPLIES
      m`te = THETA(s, v, 1)

  % Under hor_sep?(s) AND NOT pred_sep?(s,v,tr) (both defined in imported
  % theories), every vert_in_circle solution satisfies separation? on the
  % escape leg (from s with m`ve) and on the recovery leg (from
  % s + m`te * m`ve with m`vr), changes only as allowed by vertical_change?,
  % ends at s + tr*v, and switches at a time strictly between 0 and tr.
  vert_in_circle_correct : LEMMA
    hor_sep?(s) AND
    NOT pred_sep?(s,v,tr) AND
    member(m, vert_in_circle(s, v, tr)) IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      vertical_change?(v, m`ve) AND
      vertical_change?(v, m`vr) AND
      vertical_change?(m`ve, m`vr) AND
      s+tr*v = s+m`te*m`ve+(tr-m`te)*m`vr AND
      0 < m`te AND m`te < tr

  % Same statement as vert_in_circle_correct, for vert_out_circle.
  vert_out_circle_correct : LEMMA
    hor_sep?(s) AND
    NOT pred_sep?(s,v,tr) AND
    member(m, vert_out_circle(s, v, tr)) IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      vertical_change?(v, m`ve) AND
      vertical_change?(v, m`vr) AND
      vertical_change?(m`ve, m`vr) AND
      s+tr*v = s+m`te*m`ve+(tr-m`te)*m`vr AND
      0 < m`te AND m`te < tr

  % Same statement as vert_in_circle_correct, for vert_one_circle with
  % either value of the Sign argument eps.
  vert_one_circle_correct : LEMMA
    hor_sep?(s) AND
    NOT pred_sep?(s,v,tr) AND
    member(m, vert_one_circle(eps, s, v, tr)) IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      vertical_change?(v, m`ve) AND
      vertical_change?(v, m`vr) AND
      vertical_change?(m`ve, m`vr) AND
      s+tr*v = s+m`te*m`ve+(tr-m`te)*m`vr AND
      0 < m`te AND m`te < tr

%
%
% -----------------------------------------------------------
%                  Proofs of Vert Speed Only
% -----------------------------------------------------------
%
%

  % Top-level statement in terms of separation?: every solution returned by
  % vert_only_algo(s, vo, vi, tr) satisfies separation? on both legs, ends
  % at the position s + tr * (vo - vi), has 0 < te < tr, and satisfies
  % vertical_change? against the original relative velocity vo - vi.
  vert_only_algo_correct_alt : THEOREM
    hor_sep?(s) AND
    NOT pred_sep?(s,vo-vi,tr) AND
    member(m, vert_only_algo(s, vo, vi, tr)) IMPLIES
      separation?(s, m`ve) AND
      separation?(s + m`te * m`ve, m`vr) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      vertical_change?(vo-vi, m`ve) AND
      vertical_change?(vo-vi, m`vr) AND
      vertical_change?(m`ve, m`vr)

  % Same hypotheses as vert_only_algo_correct_alt, with the two separation?
  % conjuncts replaced by pred_sep? over each leg's own duration:
  % m`te for the escape leg and tr - m`te for the recovery leg.
  vert_only_algo_correct : THEOREM
    hor_sep?(s) AND
    NOT pred_sep?(s,vo-vi,tr) AND
    member(m, vert_only_algo(s, vo, vi, tr)) IMPLIES
      pred_sep?(s, m`ve, m`te) AND
      pred_sep?(s + m`te * m`ve, m`vr, tr - m`te) AND
      s + tr * (vo - vi) = s + m`te * m`ve + (tr - m`te) * m`vr AND
      0 < m`te AND m`te < tr AND
      vertical_change?(vo-vi, m`ve) AND
      vertical_change?(vo-vi, m`vr) AND
      vertical_change?(m`ve, m`vr)

END vert_only_prop

$$$vert_only_prop.prf
(vert_only_prop (form_vert_only 0 (form_vert_only-1 nil 3287854939 3287917171 ("" (skosimp*) (("" (auto-rewrite "restrict") (("" (expand "member") (("" (expand "form_vert_only") (("" (split -1) (("1" (flatten) (("1" (expand "singleton") (("1" (lemma "vert_timeliness") (("1" (inst?) 
(("1" (case "vertical_change?(v!1, m!1`ve) AND vertical_change?(m!1`ve, m!1`vr)") (("1" (flatten) (("1" (assert) (("1" (expand "vertical_change?") (("1" (propax) nil nil)) nil)) nil)) nil) ("2" (expand "vertical_change?") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((member const-decl "bool" sets nil) (singleton const-decl "(singleton?)" sets nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (solution type-eq-decl nil common_defs nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (vertical_change? 
const-decl "bool" common_defs nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (vert_timeliness formula-decl nil one_circle_vert nil) (emptyset const-decl "set" sets nil) (form_vert_only const-decl "set[solution]" vert_only_algo nil)) 3985 530 t nil)) (in_circle_te_def_TCC1 0 (in_circle_te_def_TCC1-1 nil 3287854939 3287917537 ("" (subtype-tcc) nil nil) proved-complete ((vert_in_circle const-decl "set[solution]" vert_only_algo nil) (emptyset const-decl "set" sets nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sq const-decl "nonneg_real" sq "reals/") (hor_speed_gt_0? const-decl "bool" criteria nil) (disc const-decl "real" common_defs nil) (member const-decl "bool" sets nil) (THETA_defined? 
const-decl "bool" common_defs nil)) 1357 1290 nil nil)) (in_circle_te_def 0 (in_circle_te_def-1 nil 3287854939 3287922485 ("" (skosimp*) (("" (expand "member") (("" (expand "vert_in_circle") (("" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (expand "sign") (("1" (expand "form_vert_only") (("1" (split) (("1" (case "THETA_defined?(s!1,v!1)") (("1" (flatten) (("1" (expand "singleton") (("1" (replace -4) (("1" (hide -4) (("1" (assert) (("1" (expand "+") (("1" (expand "*") (("1" (assert) (("1" (name "VO_REC" "(sign(s!1`z + tr!1 * v!1`z) * H - s!1`z - tr!1 * v!1`z) / (THETA(s!1, v!1, -1) - tr!1)") (("1" (expand "sign") (("1" (replace -1) (("1" (mult-by 2 "((THETA(s!1, v!1, -1) * VO_REC - VO_REC * tr!1 + tr!1 * v!1`z) / THETA(s!1, v!1, -1) - VO_REC)") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (real-props 2) (("2" (expand "THETA_defined?") (("2" (assert) nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((member const-decl "bool" sets nil) (sign const-decl "Sign" sign nil) (* const-decl "Vect3" Vectors nil) (THETA const-decl "real" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational 
nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (number_field nonempty-type-from-decl nil number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (both_sides_times1 formula-decl nil real_props nil) (div_cancel2 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) nil nil nil nil (+ const-decl "Vect3" Vectors nil) (singleton const-decl "(singleton?)" sets nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (THETA_defined? const-decl "bool" common_defs nil) (emptyset const-decl "set" sets nil) (form_vert_only const-decl "set[solution]" vert_only_algo nil) (vert_in_circle const-decl "set[solution]" vert_only_algo nil)) 139387 9900 t nil)) (out_circle_te_def_TCC1 0 (out_circle_te_def_TCC1-1 nil 3287854939 nil ("" (subtype-tcc) nil nil) proved-complete ((THETA_defined? const-decl "bool" common_defs nil) (member const-decl "bool" sets nil) (disc const-decl "real" common_defs nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (emptyset const-decl "set" sets nil) (vert_out_circle const-decl "set[solution]" vert_only_algo nil)) nil nil nil nil)) (out_circle_te_def 0 (out_circle_te_def-1 nil 3287854939 nil ("" (skosimp*) (("" (expand "member") (("" (expand "vert_out_circle") (("" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (expand "form_vert_only") (("1" (split) (("1" (case "THETA_defined?(s!1,v!1)") (("1" (flatten) (("1" (expand "singleton") (("1" (replace -4) (("1" (hide -4) (("1" (assert) (("1" (name-replace "VO_ESC" " (-sign(v!1`z) * H - s!1`z) / THETA(s!1, v!1, 1)") (("1" (mult-by 2 "(VO_ESC - (tr!1 * v!1`z - THETA(s!1, v!1, 1) * VO_ESC) / (tr!1 - THETA(s!1, v!1, 1)))") (("1" (field 2) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -1) (("2" (expand "THETA_defined?") (("2" (assert) nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved-complete ((vert_out_circle const-decl "set[solution]" vert_only_algo nil) (both_sides_times1 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel2 formula-decl nil 
real_props nil) (THETA const-decl "real" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (sign const-decl "Sign" sign nil) (Sign type-eq-decl nil sign nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (- const-decl "[numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (number_field nonempty-type-from-decl nil number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (singleton const-decl "(singleton?)" sets nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (THETA_defined? const-decl "bool" common_defs nil) (emptyset const-decl "set" sets nil) (form_vert_only const-decl "set[solution]" vert_only_algo nil) (member const-decl "bool" sets nil)) nil nil nil nil)) (vert_in_circle_correct 0 (vert_in_circle_correct-1 nil 3287854939 3287925534 ("" (skosimp*) (("" (lemma "in_circle_te_def") (("" (inst?) 
(("" (assert) (("" (replace -1) (("" (expand "member") (("" (expand "vert_in_circle") (("" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (lemma "form_vert_only") (("1" (inst?) (("1" (inst?) (("1" (inst - "s!1") (("1" (split -1) (("1" (flatten) (("1" (replace -1) (("1" (replace -2) (("1" (replace -3) (("1" (hide -10) (("1" (hide -5) (("1" (assert) (("1" (reveal -1) (("1" (lemma "vert_in_circle") (("1" (inst?) (("1" (inst?) (("1" (inst - "s!1+tr!1*v!1") (("1" (replace -14) (("1" (expand "vertical_change?") (("1" (flatten) (("1" (replace -13) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "THETA_defined?") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "member") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil) ("3" (assert) nil nil) ("4" (expand "THETA_defined?") (("4" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((in_circle_te_def formula-decl nil vert_only_prop nil) (member const-decl "bool" sets nil) (form_vert_only formula-decl nil vert_only_prop nil) (vertical_change? 
const-decl "bool" common_defs nil) (vert_in_circle formula-decl nil in_circle_vert nil) (H const-decl "posreal" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (sign const-decl "Sign" sign nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (clash_type type-eq-decl nil common_defs nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (THETA const-decl "real" common_defs nil) (tr!1 skolem-const-decl "posreal" vert_only_prop nil) (v!1 skolem-const-decl "Vect3" vert_only_prop nil) (s!1 skolem-const-decl "Vect3" vert_only_prop nil) (THETA_defined? 
const-decl "bool" common_defs nil) (emptyset const-decl "set" sets nil) (vert_in_circle const-decl "set[solution]" vert_only_algo nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (solution type-eq-decl nil common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 202363 9070 t nil)) (vert_out_circle_correct 0 (vert_out_circle_correct-1 nil 3287854939 nil ("" (skosimp*) (("" (lemma "out_circle_te_def") (("" (inst?) (("" (assert) (("" (replace -1) (("" (expand "member") (("" (expand "vert_out_circle") (("" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (lemma "form_vert_only") (("1" (inst?) (("1" (inst?) (("1" (inst - "s!1") (("1" (split -1) (("1" (flatten) (("1" (assert) (("1" (lemma "vert_out_circle") (("1" (inst?) (("1" (inst?) 
(("1" (inst - "m!1`vr") (("1" (replace -14) (("1" (expand "vertical_change?") (("1" (flatten) (("1" (assert) (("1" (expand "at") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "THETA_defined?") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "member") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil) ("3" (assert) nil nil) ("4" (expand "THETA_defined?") (("4" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (vert_one_circle_correct 0 (vert_one_circle_correct-1 nil 3287854939 nil ("" (skosimp*) (("" (expand "member") (("" (expand "vert_one_circle") (("" (split) (("1" (flatten) (("1" (split) (("1" (flatten) (("1" (lemma "form_vert_only") (("1" (inst?) (("1" (inst?) (("1" (expand "member") (("1" (assert) (("1" (lemma "vert_one_circle") (("1" (inst?) (("1" (inst?) 
(("1" (expand "vertical_change?") (("1" (flatten) (("1" (assert) (("1" (expand "form_vert_only") (("1" (split -15) (("1" (flatten) (("1" (assert) (("1" (expand "singleton") (("1" (replace -3 -4) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil) ("3" (assert) nil nil) ("4" (expand "THETA_defined?") (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (expand "emptyset") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (vert_only_algo_correct_alt 0 (vert_only_algo_correct_alt-1 nil 3287854939 nil ("" (skosimp*) (("" (lemma "vert_in_circle_correct") (("" (inst?) (("" (lemma "vert_out_circle_correct") (("" (inst?) (("" (lemma "vert_one_circle_correct") (("" (inst?) (("" (inst - "1") (("" (lemma "vert_one_circle_correct") (("" (inst - "-1" "_" "_" "_" "_") (("" (inst?) (("" (expand "vertical_change?") (("" (assert) (("" (expand "member") (("" (expand "vert_only_algo") (("" (expand "union") (("" (expand "member") (("" (split -6) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil) ("2" (assert) (("2" (flatten) (("2" (assert) nil nil)) nil)) nil) ("3" (assert) (("3" (flatten) (("3" (assert) nil nil)) nil)) nil) ("4" (assert) (("4" (flatten) (("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)) (vert_only_algo_correct 0 (vert_only_algo_correct-1 nil 3287854939 nil ("" (skosimp*) (("" (lemma "vert_only_algo_correct_alt") (("" (inst?) 
(("" (assert) (("" (flatten) (("" (assert) (("" (lemma "sep_connection") (("" (inst - "s!1" "m!1`te" "m!1`ve") (("" (assert) (("" (lemma "sep_connection") (("" (inst - "s!1+m!1`te*m!1`ve" "tr!1-m!1`te" "m!1`vr") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked nil nil nil nil nil)))
$$$vert_only_algo.pvs
vert_only_algo: THEORY
BEGIN

  % Vertical-speed-only resolution candidates.  Every solution built here
  % keeps the x and y components of the relative velocity v and replaces only
  % the z component (see form_vert_only).
  %
  % NOTE(review): the theorems stated about this theory in vert_only_prop have
  % the form  member(m, vert_only_algo(s, vo, vi, tr)) IMPLIES ...  -- they
  % constrain the solutions that are returned and say nothing when the result
  % is emptyset, so a caller has to handle an empty result explicitly.
  % NOTE(review): in this dump, vert_only_prop.prf records the proofs of
  % vert_out_circle_correct, vert_one_circle_correct,
  % vert_only_algo_correct_alt and vert_only_algo_correct with status
  % "unchecked"; rerun the proof chain before relying on those theorems.

  IMPORTING criteria, common_defs, sign

  s   : VAR Vect3    % Relative position
  vo  : VAR Vect3    % Ownship absolute velocity
  vi  : VAR Vect3    % Intruder absolute velocity
  v   : VAR Vect3    % Relative velocity
  ve  : VAR Vect3    % Relative escape velocity
  vr  : VAR Vect3    % Relative recovery velocity
  se  : VAR Vect3    % Relative position at the end of the escape maneuver
  sr  : VAR Vect3    % Relative position at the end of the escape maneuver,
                     % which is also the final position
                     % NOTE(review): the definitions below bind sr to s + tr*v
  tr  : VAR posreal  % Recovery time
  te  : VAR real     % Escape time
  t   : VAR real     % time
  vez : VAR real     % escape velocity in vert axis
  vrz : VAR real     % recovery velocity in vert axis
  eps : VAR Sign

  %
  %
  % ----------------------------------------------------------------
  % Algorithm Components
  % ----------------------------------------------------------------
  %
  %

  % Packages one candidate as a solution record.
  %   ve, vr : copies of v whose z component is vez, respectively vrz.
  %   te     : tr*(v`z - vrz)/(vez-vrz).
  % Returns the singleton only when vez /= vrz and 0 < te < tr; otherwise
  % emptyset.  The vez /= vrz test is what keeps the divisor (vez-vrz)
  % nonzero in the two later occurrences of the quotient.
  form_vert_only(v, vez, vrz, tr) : set[solution] =
    LET ve = (# x:= v`x, y:= v`y, z:= vez #),
        vr = (# x:= v`x, y:= v`y, z:= vrz #)
    IN
      IF vez /= vrz AND
         0 < tr*(v`z - vrz)/(vez-vrz) AND
         tr*(v`z - vrz)/(vez-vrz) < tr
      THEN singleton[solution]((# ve:= ve, vr:= vr, te:= tr*(v`z - vrz)/(vez-vrz) #))
      ELSE emptyset[solution]
      ENDIF

  % Candidate built from te = THETA(s, v, -1) and the position sr = s + tr*v.
  % Requires 0 < te < tr and abs(sr`z) >= H.  vrz is computed first, vez is
  % derived from it.  The divisors (te-tr) and te are nonzero under the
  % enclosing test 0 < te AND te < tr.
  % NOTE(review): presumably the outer guard (hor_speed_gt_0? and disc > 0) is
  % what makes THETA well defined here -- confirm against common_defs.
  vert_in_circle(s, v, tr) : set[solution] =
    LET sr = s + tr*v IN
      IF hor_speed_gt_0?(v) AND disc(s, v) > 0    %AND tr > 0
                                                  % (tr is declared posreal above)
      THEN LET te = THETA(s, v, -1) IN
        IF 0 < te AND te < tr AND abs(sr`z) >= H
        THEN LET vrz = (sign(sr`z)*H - sr`z)/(te-tr),
                 vez = (tr*v`z - (tr - te)*vrz)/te
             IN form_vert_only(v, vez, vrz, tr)
        ELSE emptyset
        ENDIF
      ELSE emptyset   % should never get here if predicted conflict
      ENDIF

  % Candidate built from te = THETA(s, v, 1) and the current position s.
  % Requires 0 < te < tr and abs(s`z) >= H.  Here vez is computed first and
  % vrz is derived from it.  The divisors te and (tr-te) are nonzero under
  % the enclosing test 0 < te AND te < tr.
  vert_out_circle(s, v, tr) : set[solution] =
    IF hor_speed_gt_0?(v) AND disc(s, v) > 0    %AND tr > 0
    THEN LET te = THETA(s, v, 1) IN
      IF 0 < te AND te < tr AND abs(s`z) >= H
      THEN LET vez = (-sign(v`z)*H - s`z)/te,
               vrz = (tr*v`z-te*vez) / (tr-te)
           IN form_vert_only(v, vez, vrz, tr)
      ELSE emptyset
      ENDIF
    ELSE emptyset   % should never get here if predicted conflict
    ENDIF

  % Candidate for one sign eps, using both tp = THETA(s, v, -1) and
  % tpp = THETA(s, v, 1).  Requires 0 < tp, tpp < tr, eps*s`z < H and
  % eps*sr`z < H with sr = s + tr*v.  The divisors tp and (tpp - tr) are
  % nonzero under the tests 0 < tp and tpp < tr.
  vert_one_circle(eps, s, v, tr) : set[solution] =
    LET sr = s + tr*v IN
      IF hor_speed_gt_0?(v) AND disc(s, v) > 0    %AND tr > 0
      THEN LET tp  = THETA(s, v, -1),
               tpp = THETA(s, v, 1)
           IN
        IF 0 < tp AND tpp < tr AND eps*s`z < H AND eps*sr`z < H
        THEN LET vez = (eps*H - s`z) / tp,
                 vrz = (eps*H - sr`z) / (tpp - tr)
             IN form_vert_only(v, vez, vrz, tr)
        ELSE emptyset
        ENDIF
      ELSE emptyset   % should never get here if predicted conflict
      ENDIF

  % Entry point: forms the relative velocity v = vo - vi and returns the
  % union of the four candidate sets (in-circle, out-circle, and one-circle
  % for eps = 1 and eps = -1).  Each set is empty or a singleton, so the
  % result can be empty.
  vert_only_algo(s, vo, vi, tr) : set[solution] =
    LET v = vo - vi IN
      union( vert_in_circle(s, v, tr),
      union( vert_out_circle(s, v, tr),
      union( vert_one_circle( 1, s, v, tr),
             vert_one_circle(-1, s, v, tr))))

END vert_only_algo
$$$vert_only_algo.prf
(|vert_only_algo| (|form_vert_only_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|vert_in_circle_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|vert_in_circle_TCC2| "" (SUBTYPE-TCC) NIL NIL) (|vert_in_circle_TCC3| "" (SUBTYPE-TCC) NIL NIL) (|vert_out_circle_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|vert_out_circle_TCC2| "" (SUBTYPE-TCC) NIL NIL) (|vert_out_circle_TCC3| "" (SUBTYPE-TCC) NIL NIL) (|vert_one_circle_TCC1| "" (SUBTYPE-TCC) NIL NIL) (|vert_one_circle_TCC2| "" (SUBTYPE-TCC) NIL NIL))
$$$one_circle_vert.pvs
one_circle_vert: THEORY
BEGIN

  % Statements about the one-circle vertical maneuver: the escape leg
  % (vert_one_circle_esc), the recovery leg (vert_one_circle_rec), their
  % combination (vert_one_circle) and two timeliness facts.
  % NOTE(review): tr is a plain real in this theory (it is posreal in
  % vert_only_algo); positivity only follows where a statement carries
  % 0 < te AND te < tr among its hypotheses.

  IMPORTING criteria, common_defs

  % D : posreal --- now in criteria
  % H : posreal --- now in criteria

  l,r,b,c : VAR real
  a   : VAR nonzero_real
  so  : VAR Vect3   % Ownship position
  vo  : VAR Vect3   % Ownship velocity
  tt  : VAR real    % Target time
  st  : VAR Vect3   % Target position
  si  : VAR Vect3   % Intruder position
  vi  : VAR Vect3   % Intruder velocity
  te  : VAR real    % Escape time
  voe : VAR Vect3   % Escape velocity
  tr  : VAR real    % Recovery time
  vor : VAR Vect3   % Recovery velocity
  s   : VAR Vect3   % Relative ownship position
  v   : VAR Vect3   % Relative ownship velocity
  ve  : VAR Vect3   % Relative escape velocity
  vr  : VAR Vect3   % Relative recovery velocity
  sr  : VAR Vect3   % Relative final position
  eps, epsp : VAR Sign
  p, vop : VAR Vect3
  t, t1, t2, t3 : VAR real
  v1, v2 : VAR Vect3

  % Escape leg: with ve`z chosen as (eps*H - s`z)/THETA(s, v, -1) and the
  % listed tests on THETA, s and sr, the escape velocity satisfies
  % separation?(s,ve).
  vert_one_circle_esc: THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,v,tr) AND
      vertical_change?(v+vi,ve+vi) AND
      vertical_change?(ve+vi,vr+vi) AND
      0 < te AND
      te < tr AND
      0 < THETA(s, v, -1) AND
      THETA(s,v, 1) < tr AND
      sr = s + tr*v AND
      eps*s`z < H AND eps*sr`z < H AND
      ve`z = (eps*H - s`z)/THETA(s, v, -1)
    IMPLIES
      separation?(s,ve)

  % Timeliness: following ve for te and then vr for (tr-te) ends at the same
  % point as following v for tr.  Most hypotheses are commented out; the
  % statement relies only on the two vertical_change? facts, ve`z /= vr`z and
  % the defining equation of te.
  timeliness : THEOREM
  %   hor_sep?(s) AND
  %   NOT pred_sep?(s,v,tr) AND
      vertical_change?(v+vi,ve+vi) AND
      vertical_change?(ve+vi,vr+vi) AND
  %   0 < te AND
  %   te < tr AND
  %   0 < THETA(s, v, -1) AND
  %   THETA(s,v,1) < tr AND
  %   sr = s + tr*v AND
  %   eps*s`z < H AND eps*sr`z < H AND
  %   ve`z = (eps*H - s`z)/THETA(s, v, -1) AND
  %   vr`z = (eps*H - sr`z)/(THETA(s, v, 1) - tr) AND
      ve`z /= vr`z AND
      te = tr*(v`z - vr`z)/(ve`z - vr`z)
    IMPLIES
      s+tr*v = s+te*ve+(tr-te)*vr

  % Same conclusion as timeliness, with vertical_change? stated directly on
  % v, ve and vr (no vi offset).
  vert_timeliness : LEMMA
      vertical_change?(v,ve) AND
      vertical_change?(ve,vr) AND
      ve`z /= vr`z AND
      te = tr*(v`z - vr`z)/(ve`z - vr`z)
    IMPLIES
      s+tr*v = s+te*ve+(tr-te)*vr

  % Recovery leg: from the position reached after the escape leg, s+te*ve,
  % the recovery velocity satisfies separation?.
  vert_one_circle_rec : THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,v,tr) AND
      vertical_change?(v+vi,ve+vi) AND
      vertical_change?(ve+vi,vr+vi) AND
      0 < te AND
      te < tr AND
      0 < THETA(s, v, -1) AND
      THETA(s,v, 1) < tr AND
      sr = s + tr*v AND
      eps*s`z < H AND eps*sr`z < H AND
      ve`z = (eps*H - s`z)/THETA(s, v, -1) AND
      vr`z = (eps*H - sr`z)/(THETA(s, v, 1) - tr) AND
      ve`z /= vr`z AND
      te = tr*(v`z - vr`z)/(ve`z - vr`z)
    IMPLIES
      separation?(s+te*ve,vr)

  % Combined statement.  Its hypotheses are labelled by the author as the
  % tests and computed values of the algorithm; the ve`z and vr`z equations
  % have the same shape as vez and vrz in vert_only_algo.vert_one_circle.
  vert_one_circle: THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,v,tr) AND
      sr = s + tr*v AND
      0 < te AND                                  % POST COMPUTATION TEST
      te < tr AND                                 % POST COMPUTATION TEST
      ve`z /= vr`z AND                            % POST COMPUTATION TEST
      0 < THETA(s, v, -1) AND                     % TEST CONDITION
      THETA(s,v, 1) < tr AND                      % TEST CONDITION
      eps*s`z < H AND eps*sr`z < H AND            % TEST CONDITION
      te = tr*(v`z - vr`z)/(ve`z - vr`z) AND      % COMPUTED VALUES
      ve`z = (eps*H - s`z)/THETA(s, v, -1) AND
      vr`z = (eps*H - sr`z)/(THETA(s, v, 1) - tr) AND
      ve`x = v`x AND
      ve`y = v`y AND
      vr`x = v`x AND
      vr`y = v`y
    IMPLIES
      separation?(s,ve) AND
      separation?(s+te*ve,vr)

END one_circle_vert
$$$one_circle_vert.prf
(one_circle_vert (vert_one_circle_esc_TCC1 0 (vert_one_circle_esc_TCC1-1 nil 3287854938 3287855066 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 113 110 nil nil)) (vert_one_circle_esc_TCC2 0 (vert_one_circle_esc_TCC2-1 nil 3287854938 3287855070 ("" (subtype-tcc) nil nil) proved ((Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep?
const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (vertical_change? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil)) 4432 4280 nil nil)) (vert_one_circle_esc 0 (vert_one_circle_esc-1 nil 3287854938 3287857151 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) (("" (lemma "separation_lem") (("" (inst - "s!1" "THETA(s!1,v!1,-1)" "ve!1") (("" (assert) (("" (hide 3) (("" (lemma "ccc") (("" (inst?) (("" (assert) (("" (hide 2) (("" (split +) (("1" (hide-all-but (-12 1)) (("1" (mult-by -1 "THETA(s!1, v!1, -1)") (("1" (typepred "eps!1") (("1" (grind :exclude "THETA") nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (hide 2) (("2" (split +) (("1" (lemma "entry_it_is") (("1" (inst?) (("1" (assert) (("1" (hide-all-but (-1 -4 -5 1)) (("1" (grind :exclude "THETA") nil nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 -7 -10 -12 1)) (("2" (expand "+ ") (("2" (expand "*") (("2" (mult-by -4 "THETA(s!1, v!1, -1)") (("2" (rewrite "div_cancel2") (("2" (case "eps!1 * ve!1`z > 0 ") (("1" (mult-by -2 "ve!1`z") (("1" (replace -1) (("1" (hide -1) (("1" (assert) (("1" (mult-by -1 "H") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 2) (("2" (hide -1) (("2" (typepred "eps!1") (("2" (grind :exclude "THETA") (("1" (mult-by 1 "THETA(s!1, v!1, -1)") (("1" (assert) nil nil)) nil) ("2" (mult-by 1 "THETA(s!1, v!1, -1)") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (bool nonempty-type-eq-decl nil booleans nil) (THETA_defined? 
const-decl "bool" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (THETA const-decl "real" common_defs nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (on_cyl? const-decl "bool" criteria nil) (entry? const-decl "bool" criteria nil) (entry_point? const-decl "bool" criteria nil) (vertical_change? const-decl "bool" common_defs nil) (entry_it_is formula-decl nil common_defs nil) (both_sides_times_pos_gt1 formula-decl nil real_props nil) (disc const-decl "real" common_defs nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (both_sides_times_pos_le1_imp formula-decl nil extra_real_props "Manip/") (NOT const-decl "[bool -> bool]" booleans nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel2 formula-decl nil real_props nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (H const-decl "posreal" criteria nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (ccc formula-decl nil criteria nil) (separation_lem formula-decl nil criteria nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 330876 27460 t nil)) (timeliness_TCC1 0 (timeliness_TCC1-1 nil 3287854938 3287857154 ("" (subtype-tcc) nil nil) proved ((+ const-decl "Vect3" Vectors nil) (vertical_change? 
const-decl "bool" common_defs nil) (/= const-decl "boolean" notequal nil)) 220 190 nil nil)) (timeliness 0 (timeliness-1 nil 3287854938 3287857154 ("" (skosimp*) (("" (expand "+ " 2) (("" (prop) (("1" (hide -3) (("1" (expand "vertical_change?") (("1" (flatten) (("1" (expand "+ ") (("1" (expand "*") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "vertical_change?") (("2" (flatten) (("2" (expand "+ ") (("2" (expand "*") (("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("3" (hide -1 -2) (("3" (expand "*") (("3" (mult-by -1 "(ve!1`z - vr!1`z)") (("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((+ const-decl "Vect3" Vectors nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (/= const-decl "boolean" notequal nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (ve!1 skolem-const-decl "Vect3" one_circle_vert nil) (vr!1 skolem-const-decl "Vect3" one_circle_vert nil) (div_cancel2 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (* const-decl "Vect3" Vectors nil) (vertical_change? const-decl "bool" common_defs nil)) 619 560 nil nil)) (vert_timeliness_TCC1 0 (vert_timeliness_TCC1-1 nil 3287854938 3287857155 ("" (subtype-tcc) nil nil) proved ((vertical_change? 
const-decl "bool" common_defs nil) (/= const-decl "boolean" notequal nil)) 181 180 nil nil)) (vert_timeliness 0 (vert_timeliness-1 nil 3287854938 3287857155 ("" (skosimp*) (("" (expand "+ ") (("" (prop) (("1" (hide -3) (("1" (expand "vertical_change?") (("1" (flatten) (("1" (expand "*") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (expand "vertical_change?") (("2" (flatten) (("2" (expand "*") (("2" (assert) nil nil)) nil)) nil)) nil) ("3" (hide -1 -2) (("3" (expand "*") (("3" (cross-mult -1) (("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((+ const-decl "Vect3" Vectors nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (* const-decl "Vect3" Vectors nil) (vertical_change? 
const-decl "bool" common_defs nil)) 512 450 nil nil)) (vert_one_circle_rec_TCC1 0 (vert_one_circle_rec_TCC1-1 nil 3287854938 3287857163 ("" (subtype-tcc) nil nil) proved ((Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (vertical_change? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil)) 8423 8280 nil nil)) (vert_one_circle_rec 0 (vert_one_circle_rec-1 nil 3287854938 3287915504 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) (("" (case-replace "s!1 + te!1 * ve!1 = sr!1 - (tr!1 - te!1)*vr!1") (("1" (hide -1) (("1" (lemma "separation_lem") (("1" (inst -1 "sr!1 - (tr!1 - te!1) * vr!1" "THETA(s!1, v!1, 1) - te!1" "vr!1") (("1" (assert) (("1" (hide 4) (("1" (lemma "ccc") (("1" (inst?) 
(("1" (assert) (("1" (hide 2) (("1" (field -12) (("1" (flatten) (("1" (field -13) (("1" (flatten) (("1" (split +) (("1" (expand "*") (("1" (expand "+") (("1" (expand "-") (("1" (assert) (("1" (move-terms -1 l 2) (("1" (replace -1) (("1" (assert) (("1" (hide-all-but 1) (("1" (typepred "eps!1") (("1" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (hide 1) (("2" (prop) (("1" (lemma "exit_it_is") (("1" (inst?) (("1" (assert) (("1" (hide-all-but (-1 -12 -6 -7 1)) (("1" (grind :exclude "THETA") nil nil)) nil)) nil)) nil)) nil) ("2" (hide -3) (("2" (expand "+") (("2" (expand "-") (("2" (expand "*") (("2" (case "eps!1 * vr!1`z < 0") (("1" (hide -4) (("1" (assert) (("1" (move-terms -2 l 2) (("1" (mult-by -2 "z(vr!1)") (("1" (replace -1) (("1" (assert) (("1" (hide -1) (("1" (mult-by -1 "H") (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -2 -4 -5 -8 -13 2 3) (("2" (move-terms -5 r 1) (("2" (name-replace "TMTR" "(THETA(s!1, v!1, 1) - tr!1)") (("2" (typepred "eps!1") (("2" (mult-by 1 "-TMTR") (("2" (hide -3 -4 -5 -6 -7 -8 2 3) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-9 -14 -3 -4 1 3)) (("2" (case "te!1*(ve!1`z - vr!1`z) = tr!1 * (v!1`z - vr!1`z) ") (("1" (hide -5) (("1" (grind) nil nil)) nil) ("2" (hide-all-but (-4 1 3)) (("2" (mult-by -1 "(ve!1`z - vr!1`z)") (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel2 formula-decl nil real_props nil) (bool nonempty-type-eq-decl nil booleans nil) (THETA_defined? 
const-decl "bool" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (THETA const-decl "real" common_defs nil) (vertical_change? const-decl "bool" common_defs nil) (exit_point? const-decl "bool" criteria nil) (exit? const-decl "bool" criteria nil) (on_cyl? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (exit_it_is formula-decl nil common_defs nil) (both_sides_times_pos_ge1_imp formula-decl nil extra_real_props "Manip/") (TMTR skolem-const-decl "real" one_circle_vert nil) (both_sides_times_pos_lt1 formula-decl nil real_props nil) (< const-decl "bool" reals nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (NOT const-decl "[bool -> bool]" booleans nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (X20__ skolem-const-decl "real" one_circle_vert nil) (X17__ skolem-const-decl "real" one_circle_vert nil) (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (/= const-decl "boolean" notequal nil) (ccc formula-decl nil criteria nil) (separation_lem formula-decl nil criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "Vect3" Vectors nil) (* 
const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (= const-decl "[T, T -> boolean]" equalities nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 1586576 58200 t nil)) (vert_one_circle_TCC1 0 (vert_one_circle_TCC1-1 nil 3287854938 nil ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil) nil nil nil nil nil nil)) (vert_one_circle_TCC2 0 (vert_one_circle_TCC2-1 nil 3287854938 nil ("" (subtype-tcc) nil nil) nil nil nil nil nil nil)) (vert_one_circle_TCC3 0 (vert_one_circle_TCC3-1 nil 3287854938 nil ("" (subtype-tcc) nil nil) nil nil nil nil nil nil)) (vert_one_circle_TCC4 0 (vert_one_circle_TCC4-1 nil 3287854938 nil ("" (subtype-tcc) nil nil) nil nil nil nil nil nil)) (vert_one_circle 0 (vert_one_circle-1 nil 3287854938 nil ("" (skosimp*) (("" (prop) (("1" (lemma "vert_one_circle_esc") (("1" (inst?) (("1" (inst -1 "eps!1" " te!1" " ve!1" "ve!1" " vr!1") (("1" (assert) (("1" (expand "vertical_change?") (("1" (expand "+ ") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "vert_one_circle_rec") (("2" (inst?) 
(("2" (inst -1 "te!1" "ve!1" "ve!1") (("2" (assert) (("2" (expand "vertical_change?") (("2" (expand "+ ") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) untried nil nil nil nil nil)))
$$$out_circle_vert.pvs
% ----------------------------------------------------------------------
% out_circle_vert
%
% Lemmas and theorems about a two-leg maneuver whose legs change only
% the vertical (z) component of the relative velocity: vert_out_circle
% fixes ve`x, ve`y, vr`x, vr`y to the components of v and gives explicit
% formulas for ve`z and vr`z only.
%
%   ve : relative velocity on the escape leg, flown for te = THETA(s, v, 1)
%   vr : relative velocity on the recovery leg, flown for tr - te
%
% hor_sep?, pred_sep?, vertical_change?, separation?, at, THETA and H are
% not defined here; they come from the imported theories (criteria,
% common_defs), and their exact meaning has to be read there.
%
% NOTE(review): every hypothesis of a theorem below is a precondition of
% its conclusion. The ones the author tagged "TEST CONDITION" are
% presumably meant to be checked by the implementation before the
% computed ve/vr are used -- the theorems say nothing when they fail.
%
% NOTE(review): the proof file that follows in this dump records the
% formulas of this theory (TCCs included) with status "proved". That
% status is a stored annotation; re-run the proofs and check the proof
% chain through criteria, common_defs and the Manip/Field strategy
% libraries before treating the results as established.
% ----------------------------------------------------------------------
out_circle_vert: THEORY
BEGIN

  IMPORTING criteria, common_defs

  l,r,b,c      : VAR real
  a            : VAR nonzero_real
  so           : VAR Vect3  % Ownship position
  vo           : VAR Vect3  % Ownship velocity
  tt           : VAR real   % Target time
  st           : VAR Vect3  % Target position
  si           : VAR Vect3  % Intruder position
  vi           : VAR Vect3  % Intruder velocity
  te           : VAR real   % Escape time
  voe          : VAR Vect3  % Escape velocity
  tr           : VAR real   % Recovery time
  vor          : VAR Vect3  % Recovery velocity
  s            : VAR Vect3  % Relative ownship position
  v            : VAR Vect3  % Relative ownship velocity
  ve           : VAR Vect3  % Relative escape velocity
  vr           : VAR Vect3  % Relative recovery velocity
  sr           : VAR Vect3  % Relative final position
  eps, epsp    : VAR Sign
  p, vop       : VAR Vect3
  t, t1, t2, t3 : VAR real
  v1, v2       : VAR Vect3

  % Earlier, stronger-hypothesis version of signs_are_opposite, kept
  % commented out by the author:
  %
  % signs_are_opposite: LEMMA
  %     hor_sep?(s) AND
  %     NOT pred_sep?(s,v,tr) AND
  %     0 < tr AND            % had to make this explicit for TCC
  %     0 < THETA(s, v, 1) AND
  %     abs(s`z) >= H AND
  %     ve`z = (-sign(v`z)*H - s`z)/THETA(s, v, 1)
  %   IMPLIES
  %     sign(s`z) = -sign(v`z)

  % If predicted separation fails for (s, v, tr) while the vertical offset
  % is at least H in magnitude, then s`z and v`z have opposite signs.
  signs_are_opposite: LEMMA
      NOT pred_sep?(s,v,tr) AND
      abs(s`z) >= H
    IMPLIES
      sign(s`z) = -sign(v`z)

  % Arbitrary positive divisor used in the two sign lemmas; the recovery
  % proof instantiates it with THETA(s, v, 1) (see signs_vr_z in the .prf).
  CC: VAR posreal

  % With ve`z given by the escape formula over any positive CC, a nonzero
  % ve`z keeps the sign of v`z.
  signs_ve_z: LEMMA   %% NEW %%
      NOT pred_sep?(s,v,tr) AND
      abs(s`z) >= H AND
      ve`z = (-sign(v`z)*H - s`z)/CC AND
      ve`z /= 0
    IMPLIES
      sign(ve`z) = sign(v`z)

  % Escape leg: under the listed hypotheses, the escape velocity ve with
  % the given z-component satisfies separation?(s, ve).
  % The division by THETA(s, v, 1) is covered by the hypothesis
  % 0 < THETA(s, v, 1).
  vert_out_circle_escape: THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,v,tr) AND
      vertical_change?(v,ve) AND
      0 < tr AND                 % had to make this explicit for TCC
      0 < THETA(s, v, 1) AND
      THETA(s, v, 1) < tr AND
      abs(s`z) >= H AND
      ve`z = (-sign(v`z)*H - s`z)/THETA(s, v, 1)
    IMPLIES
      separation?(s,ve)

  % With vr`z given by the recovery formula over (tr - CC), which is
  % required to be positive, vr`z has the sign opposite to s`z.
  signs_vr_z: LEMMA   %% NEW %%
      NOT pred_sep?(s,v,tr) AND
      abs(s`z) >= H AND
      ve`z = (-sign(v`z)*H - s`z)/CC AND
      tr - CC > 0 AND
      vr`z = (tr*v`z-CC*ve`z) / (tr-CC)
    IMPLIES
      sign(vr`z) = -sign(s`z)

  % Recovery leg: starting from the position reached after flying ve for
  % THETA(s, v, 1), the recovery velocity vr satisfies separation?.
  % The division by (tr - THETA(s,v,1)) is covered by THETA(s, v, 1) < tr.
  vert_out_circle_rec: THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,v,tr) AND
      vertical_change?(v,ve) AND
      vertical_change?(ve,vr) AND
      0 < tr AND                 % had to make this explicit for TCC
      0 < THETA(s, v, 1) AND
      THETA(s, v, 1) < tr AND
      abs(s`z) >= H AND
      ve`z = (-sign(v`z)*H - s`z)/THETA(s, v, 1) AND
      vr`z = (tr*v`z-THETA(s,v,1)*ve`z) / (tr-THETA(s,v,1))
    IMPLIES
      separation?(at(s,ve,THETA(s, v, 1)),vr)

  % Combined statement: both legs satisfy separation?. Here the
  % vertical_change? hypotheses of the two theorems above are replaced by
  % explicit equalities on the x and y components (the recorded proof
  % discharges them by expanding vertical_change?).
  vert_out_circle: THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,v,tr) AND
      0 < tr AND                 % for TCC
      0 < te AND                 % TEST CONDITION
      te < tr AND                % TEST CONDITION
      abs(s`z) >= H AND          % TEST CONDITION
      te = THETA(s, v, 1) AND    % COMPUTED VALUES
      ve`z = (-sign(v`z)*H - s`z)/te AND
      vr`z = (tr*v`z-te*ve`z) / (tr-te) AND
      ve`x = v`x AND
      ve`y = v`y AND
      vr`x = v`x AND
      vr`y = v`y
    IMPLIES
      separation?(s,ve) AND
      separation?(at(s,ve,THETA(s, v, 1)),vr)

  % Timeliness: flying ve for te and then vr for (tr - te) ends at the
  % same relative position as flying the original v for tr.
  % Unlike vert_out_circle, abs(s`z) >= H is not among the hypotheses.
  vert_out_circle_timeliness: THEOREM
      hor_sep?(s) AND
      NOT pred_sep?(s,v,tr) AND
      0 < tr AND                 % for TCC
      0 < te AND
      te < tr AND
      te = THETA(s, v, 1) AND    % COMPUTED VALUES
      ve`z = (-sign(v`z)*H - s`z)/te AND
      vr`z = (tr*v`z-te*ve`z) / (tr-te) AND
      ve`x = v`x AND
      ve`y = v`y AND
      vr`x = v`x AND
      vr`y = v`y
    IMPLIES
      s+tr*v = s+te*ve+(tr-te)*vr

END out_circle_vert
$$$out_circle_vert.prf
(out_circle_vert (signs_are_opposite 0 (signs_are_opposite-1 nil 3287832817 3310925934 ("" (skosimp*) (("" (expand "pred_sep?") (("" (skosimp*) (("" (hide 1) (("" (expand "vert_sep?") (("" (expand "+ ") (("" (expand "*") (("" (case "v!1`z > 0") (("1" (mult-ineq -1 -2) (("1" (grind) nil nil)) nil) ("2" (case-replace "v!1`z = 0") (("1" (assert) nil nil) ("2" (flip-ineq 2) (("2" (mult-ineq -1 -2 (- +)) (("2" (grind) (("2" (hide -2 -3 -4 -6 3 4) (("2" (name-replace "TVZ" "t!1 * v!1`z") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((vert_sep? 
const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (= const-decl "[T, T -> boolean]" equalities nil) (le_times_le_any1 formula-decl nil extra_real_props "Manip/") (<= const-decl "bool" reals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (gt_times_gt_any1 formula-decl nil extra_real_props "Manip/") (sign const-decl "Sign" sign nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (> const-decl "bool" reals nil) (Vect3 type-eq-decl nil Vectors nil) (+ const-decl "Vect3" Vectors nil) (pred_sep? const-decl "bool" common_defs nil)) 89119 2540 t nil)) (signs_ve_z 0 (signs_ve_z-1 nil 3287832817 3310984851 ("" (skosimp*) (("" (lemma "signs_are_opposite") (("" (inst?) 
(("" (assert) (("" (replace -1 * rl) (("" (mult-by -3 "CC!1") (("" (mult-by 2 "CC!1") (("" (assert) (("" (case "ve!1`z > 0") (("1" (expand "abs") (("1" (expand "sign") (("1" (lift-if) (("1" (lift-if) (("1" (ground) (("1" (mult-by -1 "CC!1") (("1" (assert) (("1" (case-replace "(H - s!1`z) / CC!1 * CC!1 = (H - s!1`z) ") (("1" (hide-all-but (-2 -3 -7 6)) (("1" (name-replace "veCC" "ve!1`z * CC!1") (("1" (case "veCC <= 0") (("1" (hide -3 -4) (("1" (assert) nil nil)) nil) ("2" (hide -1 2) (("2" (move-terms -1 l 1) (("2" (replace -2 * rl) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (real-props) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "sign") (("2" (expand "abs") (("2" (lift-if) (("2" (lift-if) (("2" (assert) (("2" (ground) (("2" (mult-by 3 "CC!1") (("2" (rewrite "div_cancel2") (("2" (move-terms -3 r 1) (("2" (hide-all-but (-3 -5 1 5)) (("2" (name-replace "veCC" "ve!1`z * CC!1") (("2" (rewrite "zero_times1") (("2" (rewrite "neg_mult") (("2" (name-replace "SS" "1 * s!1`z") (("2" (replace -2 * rl) (("2" (hide -2) (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (both_sides_times1 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (both_sides_times_pos_gt1 formula-decl nil real_props nil) (<= const-decl "bool" reals nil) (div_cancel2 formula-decl nil real_props nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (zero_times1 formula-decl nil real_props nil) 
(neg_mult formula-decl nil extra_tegies "Field/") (both_sides_times_pos_le1_imp formula-decl nil extra_real_props "Manip/") (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (numfield nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (sign const-decl "Sign" sign nil) (H const-decl "posreal" criteria nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (signs_are_opposite formula-decl nil out_circle_vert nil)) 236502 13320 t nil)) (vert_out_circle_escape_TCC1 0 (vert_out_circle_escape_TCC1-1 nil 3287832817 3310915552 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 64 20 nil nil)) (vert_out_circle_escape_TCC2 0 (vert_out_circle_escape_TCC2-1 nil 3287832817 3310915555 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (vertical_change? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil)) 3179 2520 nil nil)) (vert_out_circle_escape 0 (vert_out_circle_escape-1 nil 3287832817 3310915560 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) (("" (expand "vertical_change?") (("" (flatten) (("" (lemma "ccc") (("" (inst - "at(s!1, ve!1, THETA(s!1, v!1, 1))" "ve!1") (("" (lemma "separation_lem") (("" (inst?) 
(("" (inst - "-THETA(s!1, v!1, 1)") (("" (expand "at") (("" (case "s!1 + THETA(s!1, v!1, 1) * ve!1 + -THETA(s!1, v!1, 1) * ve!1 = s!1") (("1" (replace -1) (("1" (assert) (("1" (hide 4 -1 1) (("1" (split) (("1" (hide-all-but (-9 1)) (("1" (mult-by -1 "THETA(s!1, v!1, 1)") (("1" (grind :exclude "THETA") nil nil)) nil)) nil) ("2" (flatten) (("2" (hide 1) (("2" (split) (("1" (lemma "exit_it_is") (("1" (inst?) (("1" (assert) (("1" (hide-all-but (-1 -4 -5 1)) (("1" (grind :exclude "THETA") nil nil)) nil)) nil)) nil)) nil) ("2" (lemma "signs_ve_z") (("2" (inst?) (("2" (inst?) (("2" (assert) (("2" (replace -1 * rl) (("2" (hide -1) (("2" (mult-by -9 "THETA(s!1, v!1, 1)") (("2" (expand "+ ") (("2" (expand "*") (("2" (case "ve!1`z > 0") (("1" (expand "sign") (("1" (assert) (("1" (mult-by -1 "H") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (expand "sign") (("2" (lift-if) (("2" (assert) (("2" (mult-by 1 "H") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but 1) (("2" (expand "+ ") (("2" (expand "*") (("2" (apply-extensionality) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (at const-decl "Vect3" criteria nil) (bool nonempty-type-eq-decl nil booleans nil) (THETA_defined? 
const-decl "bool" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (THETA const-decl "real" common_defs nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (sq const-decl "nonneg_real" sq "reals/") (on_cyl? const-decl "bool" criteria nil) (exit? const-decl "bool" criteria nil) (exit_point? const-decl "bool" criteria nil) (exit_it_is formula-decl nil common_defs nil) (both_sides_times_pos_gt1 formula-decl nil real_props nil) (both_sides_times_pos_le1_imp formula-decl nil extra_real_props "Manip/") (signs_ve_z formula-decl nil out_circle_vert nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel2 formula-decl nil real_props nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (sign const-decl "Sign" sign nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (H const-decl "posreal" criteria nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (separation_lem formula-decl nil criteria nil) (ccc formula-decl nil criteria nil) (vertical_change? 
const-decl "bool" common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 4747 2490 t nil)) (signs_vr_z_TCC1 0 (signs_vr_z_TCC1-1 nil 3287832817 3310915562 ("" (subtype-tcc) nil nil) proved ((posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (/= const-decl "boolean" notequal nil)) 1368 1170 nil nil)) (signs_vr_z 0 (signs_vr_z-1 nil 3287832817 3310915563 ("" (skosimp*) (("" (lemma "signs_are_opposite") (("" (inst?) 
(("" (assert) (("" (mult-by -3 "CC!1") (("" (rewrite "div_cancel2") (("" (replace -1) (("" (hide -1) (("" (mult-by -4 "(tr!1 - CC!1)") (("" (rewrite "div_cancel2") (("" (expand "pred_sep?") (("" (skosimp*) (("" (hide 1) (("" (expand "vert_sep?") (("" (expand "*") (("" (expand "+ ") (("" (name-replace "TRMT" "tr!1 - CC!1") (("" (case "v!1`z > 0") (("1" (mult-by -5 "v!1`z") (("1" (expand "sign") (("1" (assert) (("1" (mult-by -2 "t!1") (("1" (case "vr!1`z > 0") (("1" (assert) (("1" (lift-if) (("1" (ground) nil nil)) nil)) nil) ("2" (assert) (("2" (lift-if) (("2" (ground) (("2" (mult-by 4 "TRMT") (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "sign") (("2" (assert) (("2" (lift-if) (("2" (assert) (("2" (ground) (("2" (mult-by -5 "-v!1`z") (("2" (assert) (("2" (mult-by -7 "vr!1`z") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((signs_are_opposite formula-decl nil out_circle_vert nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel2 formula-decl nil real_props nil) (vert_sep? const-decl "bool" criteria nil) (+ const-decl "Vect3" Vectors nil) (both_sides_times_pos_gt1 formula-decl nil real_props nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (v!1 skolem-const-decl "Vect3" out_circle_vert nil) (both_sides_times_pos_le1_imp formula-decl nil extra_real_props "Manip/") (* const-decl "Vect3" Vectors nil) (pred_sep? 
const-decl "bool" common_defs nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (numfield nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (Sign type-eq-decl nil sign nil) (sign const-decl "Sign" sign nil) (H const-decl "posreal" criteria nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 1436 1090 t nil)) (vert_out_circle_rec_TCC1 0 (vert_out_circle_rec_TCC1-1 nil 3287832817 3310915570 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl 
"[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (vertical_change? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil)) 6561 5460 nil nil)) (vert_out_circle_rec 0 (vert_out_circle_rec-1 nil 3287832817 3310915574 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) (("" (expand "vertical_change?") (("" (flatten) (("" (lemma "ccc") (("" (inst?) (("" (assert) (("" (hide 3) (("" (split) (("1" (hide-all-but (-8 -11 1)) (("1" (mult-by -2 "THETA(s!1, v!1, 1)") (("1" (grind :exclude "THETA") nil nil)) nil)) nil) ("2" (flatten) (("2" (hide 1) (("2" (split) (("1" (lemma "exit_it_is") (("1" (inst -1 "s!1" "tr!1" "v!1") (("1" (assert) (("1" (hide-all-but (-1 -4 -5 -6 -7 1)) (("1" (grind :exclude "THETA") nil nil)) nil)) nil)) nil)) nil) ("2" (expand "at") (("2" (expand "+ ") (("2" (expand "*") (("2" (lemma "signs_are_opposite") (("2" (inst - "s!1" "tr!1" "v!1") (("2" (assert) (("2" (assert) (("2" (replace -1 :dir rl) (("2" (case "vr!1`z = 0") (("1" (assert) nil nil) ("2" (mult-by -12 "THETA(s!1, v!1, 1)") (("2" (assert) (("2" (replace -1) (("2" (assert) (("2" (mult-by -1 "vr!1`z") (("2" (replace -1) (("2" (hide -1) (("2" (lemma "signs_vr_z") (("2" (inst?) 
(("2" (inst -1 "THETA(s!1, v!1, 1)" "ve!1" "vr!1") (("2" (assert) (("2" (mult-by -1 "-1") (("2" (assert) (("2" (replace -1 * rl) (("2" (hide-all-but 2) (("2" (grind) (("1" (mult-by -1 "H") (("1" (assert) nil nil)) nil) ("2" (mult-by 1 "H") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (at const-decl "Vect3" criteria nil) (bool nonempty-type-eq-decl nil booleans nil) (THETA_defined? const-decl "bool" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (THETA const-decl "real" common_defs nil) (sq const-decl "nonneg_real" sq "reals/") (on_cyl? const-decl "bool" criteria nil) (exit? const-decl "bool" criteria nil) (exit_point? 
const-decl "bool" criteria nil) (exit_it_is formula-decl nil common_defs nil) (signs_are_opposite formula-decl nil out_circle_vert nil) (div_cancel2 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (both_sides_times_pos_le1_imp formula-decl nil extra_real_props "Manip/") (both_sides_times_pos_gt1 formula-decl nil real_props nil) (signs_vr_z formula-decl nil out_circle_vert nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (/= const-decl "boolean" notequal nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (sign const-decl "Sign" sign nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (H const-decl "posreal" criteria nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (ccc formula-decl nil criteria nil) (vertical_change? const-decl "bool" common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 3985 3300 t nil)) (vert_out_circle_TCC1 0 (vert_out_circle_TCC1-1 nil 3287832817 3310915574 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 33 40 nil nil)) (vert_out_circle_TCC2 0 (vert_out_circle_TCC2-1 nil 3287832817 3310915576 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil) (/= const-decl "boolean" notequal nil)) 2509 2140 nil nil)) (vert_out_circle_TCC3 0 (vert_out_circle_TCC3-1 nil 3287832817 3310915580 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? 
const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil) (/= const-decl "boolean" notequal nil)) 4122 3610 nil nil)) (vert_out_circle 0 (vert_out_circle-1 nil 3287832817 3310915581 ("" (skosimp*) (("" (split) (("1" (lemma "vert_out_circle_escape") (("1" (inst?) (("1" (inst?) (("1" (assert) (("1" (expand "vertical_change?") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "vert_out_circle_rec") (("2" (inst?) (("2" (inst?) (("2" (assert) (("2" (hide 2 3) (("2" (expand "vertical_change?") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (vertical_change? const-decl "bool" common_defs nil) (vert_out_circle_escape formula-decl nil out_circle_vert nil) (vert_out_circle_rec formula-decl nil out_circle_vert nil)) 445 370 nil nil)) (vert_out_circle_timeliness_TCC1 0 (vert_out_circle_timeliness_TCC1-1 nil 3287832817 3310915581 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) 
(("" (assert) nil nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 70 20 nil nil)) (vert_out_circle_timeliness_TCC2 0 (vert_out_circle_timeliness_TCC2-1 nil 3287832817 3310915583 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? 
const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil) (/= const-decl "boolean" notequal nil)) 2436 2050 nil nil)) (vert_out_circle_timeliness_TCC3 0 (vert_out_circle_timeliness_TCC3-1 nil 3287832817 3310915591 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil) (/= const-decl "boolean" notequal nil)) 7500 3540 nil nil)) (vert_out_circle_timeliness 0 (vert_out_circle_timeliness-1 nil 3287832817 3310915593 ("" (skosimp*) (("" (cross-mult -6) (("" (cross-mult -7) (("" (grind :exclude "THETA") nil nil)) nil)) nil)) nil) proved ((H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (sign const-decl "Sign" sign nil) (Sign type-eq-decl nil sign nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (- const-decl "[numfield -> 
numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (pred_sep? const-decl "bool" common_defs nil) (vert_sep? const-decl "bool" criteria nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (hor_sep? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/")) 2635 1050 nil nil)))
$$$common_defs.pvs
common_defs: THEORY
BEGIN

  % Shared definitions and lemmas for reasoning about the relative trajectory
  % s + t*v: the discriminant disc, predicted separation pred_sep?, the times
  % THETA at which the horizontal distance equals D, the maneuver-type
  % predicates, and the root selector Pick_Root.
  %
  % NOTE(review): this listing was recovered from a dump whose line breaks
  % were lost, so the extent of each %-comment was inferred from syntax.
  % Three declarations could not be classified with certainty as live or
  % commented out; each is marked below.
  % NOTE(review): the entries of common_defs.prf visible in this dump carry
  % the status "unchecked", while the preceding theory's entries are
  % "proved". Re-run the proofs before relying on the lemmas stated here.

  IMPORTING criteria, reals@quadratic

  l,r,b,c : VAR real
  a : VAR nonzero_real
  so : VAR Vect3 % Ownship position
  vo : VAR Vect3 % Ownship velocity
  tt : VAR real % Target time
  st : VAR Vect3 % Target position
  si : VAR Vect3 % Intruder position
  vi : VAR Vect3 % Intruder velocity
  te : VAR real % Escape time
  voe : VAR Vect3 % Escape velocity
  tr : VAR real % Recovery time
  vor : VAR Vect3 % Recovery velocity
  s : VAR Vect3 % Relative ownship position
  v : VAR Vect3 % Relative ownship velocity
  ve : VAR Vect3 % Relative escape velocity
  vr : VAR Vect3 % Relative recovery velocity
  sr : VAR Vect3 % Relative final position
  eps : VAR Sign
  p: VAR Vect3
  t, t1, t2, t3 : VAR real
  v1, v2 : VAR Vect3

  % Discriminant used throughout the theory. disc_char below relates it to
  % discr from reals@quadratic, applied to the coefficients of the quadratic
  % in t that quadr_expr_standard derives.
  disc(s,v) : real = %% FORMULA (4.3) * 4
    4 * sq(D) * (sq(v`x) + sq(v`y)) - 4 * sq(s`x * v`y - s`y * v`x)

  %%%% Tangent Condition for a generic s,v
  %
  % NOTE(review): ambiguous in the dump; read here as commented out.
  % Confirm against the original file.
  % tangent_condition?(s,v):bool = (disc(s,v) = 0)

  % Holds when every point s + t*v with 0 <= t <= t2 satisfies hor_sep? or
  % vert_sep?. The quantified range is empty when t2 < 0, so the predicate
  % is then vacuously true.
  pred_sep?(s,v,t2) : bool = % predicted separation until time t2
    FORALL t: 0 <= t AND t <= t2 => hor_sep?(s+t*v) OR vert_sep?(s+t*v)

  % disc equals the library discriminant of the quadratic with
  % a = sq(v`x)+sq(v`y), b = 2*(s`x*v`x+s`y*v`y), c = sq(s`x)+sq(s`y)-sq(D).
  disc_char : LEMMA hor_speed_gt_0?(v) IMPLIES % formula 4.3
    disc(s,v) = discr(sq(v`x)+sq(v`y), 2*(s`x*v`x+s`y*v`y), sq(s`x)+sq(s`y)-sq(D))

  %% -- formulas (4.6) and (4.7):
  % ----------------Following Messes Up PVS M-x stc -------------------------
  %
  % THETA(s,(v| sq(v`x) + sq(v`y) > 0 AND disc(s,v) >= 0),eps) : real =
  % (-2*s`x*v`x - 2*s`y*v`y + eps * sqrt(disc(s,v))) / (2*sq(v`x)+2*sq(v`y))

  % Precondition under which THETA is defined.
  THETA_defined?(s,v): bool = hor_speed_gt_0?(v) AND disc(s,v) >= 0

  % Velocities for which THETA(s, v, eps) is defined. Carrying the
  % precondition in the argument type presumably is what lets
  % sqrt(disc(s,v)) and the division in THETA type-check; see the
  % THETA_TCC1 and THETA_TCC2 entries in the .prf.
  clash_type(s): TYPE = {v: Vect3 | THETA_defined?(s,v)}

  hor_speed_lem: LEMMA disc(s,v) > 0 IMPLIES hor_speed_gt_0?(v)

  % Time t at which sq(s`x+t*v`x) + sq(s`y+t*v`y) = sq(D); see THETA_main.
  % eps selects the sign in front of the square root.
  THETA(s: Vect3, v: clash_type(s), eps) : real =
    (-2*s`x*v`x - 2*s`y*v`y + eps * sqrt(disc(s,v))) / (2*sq(v`x)+2*sq(v`y))

  % THETA with eps = 1 is the library root x1 of the quadratic in disc_char.
  THETA1_char : LEMMA %% FROM (4.2)
    hor_speed_gt_0?(v) AND disc(s,v) >= 0 IMPLIES THETA(s,v,1) = x1(sq(v`x)+sq(v`y), 2*(s`x*v`x+s`y*v`y), sq(s`x)+sq(s`y)-sq(D))

  % THETA with eps = -1 is the library root x2 of the same quadratic.
  THETA2_char : LEMMA %% FROM (4.2)
    hor_speed_gt_0?(v) AND disc(s,v) >= 0 IMPLIES THETA(s,v,-1) = x2(sq(v`x)+sq(v`y), 2*(s`x*v`x+s`y*v`y), sq(s`x)+sq(s`y)-sq(D))

  % THETA_equal : LEMMA
  % THETA_defined?(s,v) AND THETA_defined?(s,ve) AND vertical_change?(v, ve)
  % IMPLIES THETA(s, v, eps) = THETA(s, ve, eps)

  % Expands the squared horizontal distance at time t into a quadratic in t.
  quadr_expr_standard: LEMMA
    sq(s`x+t*v`x) + sq(s`y+t*v`y) = (sq(v`x)+sq(v`y))*sq(t) + 2*(s`x*v`x+s`y*v`y)*t + sq(s`x)+sq(s`y)

  % The same expansion, stated for the comparison ">= sq(D)".
  quadr_ineq_standard: LEMMA
    (sq(s`x+t*v`x) + sq(s`y+t*v`y) >= sq(D)) IFF ((sq(v`x)+sq(v`y))*sq(t) + 2*(s`x*v`x+s`y*v`y)*t + sq(s`x)+sq(s`y)-sq(D) >= 0)

  % The same expansion, stated for the comparison "= sq(D)".
  quadr_eq_standard: LEMMA
    (sq(s`x+t*v`x) + sq(s`y+t*v`y) = sq(D)) IFF ((sq(v`x)+sq(v`y))*sq(t) + 2*(s`x*v`x+s`y*v`y)*t + sq(s`x)+sq(s`y)-sq(D) = 0)

  % With nonzero horizontal speed, the horizontal distance equals D at time t
  % exactly when disc is non-negative and t is one of the two THETA values.
  THETA_main: LEMMA
    hor_speed_gt_0?(v) IMPLIES (sq(s`x + t*v`x) + sq(s`y + t*v`y) = sq(D) IFF disc(s,v) >= 0 AND (t = THETA(s,v,-1) OR t = THETA(s,v,1)))

  % --------------------------------------------------------------------------

  % hor_sep? at s + t*v restated as a quadratic inequality in t.
  hor_sep_standard : LEMMA
    hor_sep?(s+t*v) IFF ((sq(v`x)+sq(v`y))*sq(t) + 2*(s`x*v`x+s`y*v`y)*t + sq(s`x)+sq(s`y)-sq(D) >= 0)

  % Losing horizontal separation at some time t implies horizontal motion.
  infer_hor_movement : LEMMA
    hor_sep?(s) AND NOT hor_sep?(s+t*v) IMPLIES hor_speed_gt_0?(v)

  % ... and a strictly positive discriminant.
  exploit_hor_conflict : LEMMA
    hor_sep?(s) AND NOT hor_sep?(s+t*v) IMPLIES disc(s,v) > 0

  % Starting from horizontal separation, separation at time t fails only
  % when v has horizontal speed, disc(s,v) > 0, and t lies strictly between
  % THETA(s,v,-1) and THETA(s,v,1).
  hor_sep_char : LEMMA
    hor_sep?(s) IMPLIES (hor_sep?(s+t*v) IFF (NOT hor_speed_gt_0?(v) OR disc(s,v) <= 0 OR (THETA(s,v,1) <= t OR t <= THETA(s,v,-1))))

  % A predicted loss of separation from a horizontally separated state
  % establishes the precondition of THETA.
  exploit_pred_conflict : LEMMA
    tr > 0 AND hor_sep?(s) AND NOT pred_sep?(s,v,tr) IMPLIES THETA_defined?(s,v)

  % Same conclusion without the hypothesis tr > 0, so this statement is the
  % more general of the two.
  exploit_pred_conflict2 : LEMMA
    hor_sep?(s) AND NOT pred_sep?(s,v,tr) IMPLIES THETA_defined?(s,v)

  % ---------------------------------------

  sep_connection: LEMMA separation?(s,v) IMPLIES pred_sep?(s,v,t2)

  % NOTE(review): ambiguous in the dump; read here as commented out, although
  % common_defs.prf still holds an all_entry_exit entry. Confirm against the
  % original file.
  % all_entry_exit: LEMMA hor_pass?(1,s, v) OR hor_pass?(-1,s,v)

  hor_pass_indeed: LEMMA
    hor_sep?(s) AND NOT hor_sep?(s+t*v) AND t > 0 IMPLIES hor_pass?(eps,s + THETA(s, v, eps) * v, v)

  % Under a predicted conflict, the point reached at THETA(s,v,-1) is an
  % entry point ...
  entry_it_is: LEMMA
    hor_sep?(s) AND THETA_defined?(s,v) AND NOT pred_sep?(s,v,tr) IMPLIES entry_point?(s + THETA(s, v, -1) * v, v)

  % ... and the point reached at THETA(s,v,1) is an exit point.
  exit_it_is: LEMMA
    hor_sep?(s) AND THETA_defined?(s,v) AND NOT pred_sep?(s,v,tr) IMPLIES exit_point?(s + THETA(s, v, 1) * v, v)

  epsp : VAR Sign

  % A vertical speed chosen as (eps*H - s`z) / THETA reaches altitude eps*H at
  % time THETA. The hypothesis THETA /= 0 guards that division.
  reaching_H : LEMMA
    THETA_defined?(s, v) AND THETA(s, v, epsp) /= 0 AND ve`z = (eps * H - s`z) / THETA(s, v, epsp) IMPLIES s`z + THETA(s,v,epsp)*ve`z = eps*H

  % If both endpoints of the segment are at or above H, so is every point
  % between them.
  vert_ge_H : LEMMA
    sr = s + tr*v AND s`z >= H and sr`z >= H AND 0 <= t AND t <= tr IMPLIES z(s+t*v) >= H

  % Mirror case: both endpoints at or below -H.
  vert_le_neg_H : LEMMA
    sr = s + tr*v AND s`z <= - H and sr`z <= -H AND 0 <= t AND t <= tr IMPLIES z(s+t*v) <= -H

  % Either endpoint condition is enough for predicted separation until tr.
  vert_pred : LEMMA
    sr = s + tr*v AND ((s`z >= H and sr`z >= H) OR (s`z <= - H and sr`z <= -H)) IMPLIES pred_sep?(s,v,tr)

  sz: VAR real
  vz: VAR nzreal

  % theta (lower case) is not defined in this theory; it presumably comes
  % from the imported criteria theory.
  reaching_H_theta: LEMMA abs(sz + theta(eps, sz, vz) * vz) = H

  vertical_entry_exit_condition: LEMMA eps * (sz + theta(eps, sz, vz) * vz) * vz >= 0

  % Flying ve for time te and then vr for tr - te ends at the same relative
  % position as flying v for tr, given the stated vr components. te /= tr
  % guards the divisions by (te - tr).
  timeliness: THEOREM
    te /= tr AND vr`x = (te*ve`x - tr*v`x)/(te - tr) AND vr`y = (te*ve`y - tr*v`y)/(te - tr) AND vr`z = v`z AND ve`z = v`z IMPLIES s + tr * v = s + te*ve + (tr-te)*vr

  % MOVED here from gs_only
  circle_correctness: LEMMA
    v`z /= 0 AND (exit_point?(at(s, v, theta(-1, s`z, v`z)), v) OR entry_point?(at(s, v, theta(1, s`z, v`z)), v)) IMPLIES separation?(s, v)

  % Types of maneuver

  % The escape velocity keeps both horizontal components of vo. The z
  % component is left unconstrained.
  vertical_change?(vo,voe) : bool = voe`x = vo`x AND voe`y = vo`y

  scale: VAR real

  % ve is the relative velocity obtained by scaling the horizontal components
  % of vo by a positive factor and leaving its z component unchanged.
  ground_speed_only_absolute?(ve, scale, vo, vi): bool =
    scale > 0 AND ve`x = scale * vo`x - vi`x AND ve`y = scale * vo`y - vi`y AND ve`z = vo`z - vi`z

  % The same property stated on the absolute escape velocity voe, for some
  % scale.
  ground_speed_only?(voe, vo, vi): bool =
    LET ve = voe - vi IN (EXISTS scale: ground_speed_only_absolute?(ve, scale, vo, vi))

  % The escape velocity keeps the squared horizontal speed and the vertical
  % speed of vo.
  heading_only?(vo,voe): bool =
    sq(voe`x) + sq(voe`y) = sq(vo`x) + sq(vo`y) AND voe`z = vo`z

  %
  % Algorithm Solution Type
  %
  % NOTE(review): ambiguous in the dump; read here as a live declaration
  % under a three-line banner. Confirm against the original file.
  solution : TYPE = [# ve: Vect3, vr:Vect3, te:real #]

  % Pick_Root(root:bool, a: nonzero_real, b:real, c:real
  % | discr(a, b, c) >= 0): real = IF root THEN x1(a, b, c)
  % ELSE x2(a, b, c)
  % ENDIF

  % Total root selector: x1 when root is true, x2 otherwise, and 0 when
  % a = 0 or the discriminant is negative. The 0 is a sentinel, not a root,
  % and it cannot be told apart from a genuine root equal to 0. Unlike the
  % commented-out version above, the preconditions are tested in the body
  % rather than required by the argument types, so a caller is presumably no
  % longer asked to prove them at the call site. Any result about the
  % returned value must establish a /= 0 AND discr(a, b, c) >= 0 itself, as
  % Pick_Root_lem does.
  Pick_Root(root:bool, a: real, b:real, c:real): real =
    IF a /= 0 AND discr(a, b, c) >= 0 THEN
      IF root THEN x1(a, b, c) ELSE x2(a, b, c) ENDIF
    ELSE 0 ENDIF

  root: VAR bool

  % Under the preconditions, Pick_Root is the selected library root.
  Pick_Root_lem: LEMMA
    a /= 0 AND discr(a, b, c) >= 0 IMPLIES Pick_Root(root,a,b,c) = IF root THEN x1(a, b, c) ELSE x2(a, b, c) ENDIF

END common_defs
$$$common_defs.prf
(common_defs (disc_char_TCC1 0 (disc_char_TCC1-1 nil 3287832816 3287854642 ("" (subtype-tcc) nil nil) unchecked ((sq const-decl "nonneg_real" sq "reals/") (hor_speed_gt_0? const-decl "bool" criteria nil)) 101 60 nil nil)) (disc_char 0 (disc_char-1 nil 3287832816 3287854643 ("" (skosimp*) (("" (expand "hor_speed_gt_0?") (("" (expand "discr") (("" (expand "disc") (("" (expand "sq") (("" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((hor_speed_gt_0? 
const-decl "bool" criteria nil) (disc const-decl "real" common_defs nil) (sq const-decl "nonneg_real" sq "reals/") (discr const-decl "real" quadratic "reals/")) 533 470 nil nil)) (hor_speed_lem 0 (hor_speed_lem-1 nil 3287832816 3287854643 ("" (skosimp*) (("" (expand "disc") (("" (expand "hor_speed_gt_0?") (("" (assert) nil nil)) nil)) nil)) nil) unchecked ((disc const-decl "real" common_defs nil) (hor_speed_gt_0? const-decl "bool" criteria nil)) 314 290 nil nil)) (THETA_TCC1 0 (THETA_TCC1-1 nil 3287832816 3287854644 ("" (subtype-tcc) nil nil) unchecked ((hor_speed_gt_0? const-decl "bool" criteria nil) (clash_type type-eq-decl nil common_defs nil) (THETA_defined? const-decl "bool" common_defs nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (sq const-decl "nonneg_real" sq "reals/") (disc const-decl "real" common_defs nil)) 924 880 nil nil)) (THETA_TCC2 0 (THETA_TCC2-1 nil 3287832816 3287854645 ("" (subtype-tcc) nil nil) unchecked ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (OR const-decl "[bool, bool -> 
bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (= const-decl "[T, T -> boolean]" equalities nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (Vect3 type-eq-decl nil Vectors nil) (THETA_defined? const-decl "bool" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (disc const-decl "real" common_defs nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/")) 673 660 nil nil)) (THETA1_char_TCC1 0 (THETA1_char_TCC1-1 nil 3287832816 3287854645 ("" (subtype-tcc) nil nil) unchecked ((sq const-decl "nonneg_real" sq "reals/") (disc const-decl "real" common_defs nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (THETA_defined? 
const-decl "bool" common_defs nil)) 411 390 nil nil)) (THETA1_char_TCC2 0 (THETA1_char_TCC2-1 nil 3287832816 3287854646 ("" (skosimp*) (("" (expand "disc") (("" (expand "discr") (("" (assert) (("" (expand "sq") (("" (propax) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((disc const-decl "real" common_defs nil) (sq const-decl "nonneg_real" sq "reals/") (discr const-decl "real" quadratic "reals/")) 737 720 t nil)) (THETA1_char 0 (THETA1_char-1 nil 3287832816 3287854691 ("" (skosimp*) (("" (expand "THETA") (("" (expand "root") (("" (rewrite "disc_char") (("" (expand "hor_speed_gt_0?") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((THETA const-decl "real" common_defs nil) (disc_char formula-decl nil common_defs nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (root const-decl "real" quadratic "reals/")) 7813 1350 t nil)) (THETA2_char 0 (THETA2_char-1 nil 3287832816 3287854705 ("" (skosimp*) (("" (expand "THETA") (("" (expand "root") (("" (rewrite "disc_char") (("" (expand "hor_speed_gt_0?") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((THETA const-decl "real" common_defs nil) (disc_char formula-decl nil common_defs nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (root const-decl "real" quadratic "reals/")) 9201 1550 t nil)) (quadr_expr_standard 0 (quadr_expr_standard-1 nil 3287832816 3287854648 ("" (skosimp*) (("" (grind :theories "real_props") nil nil)) nil) unchecked ((sq const-decl "nonneg_real" sq "reals/")) 481 450 nil nil)) (quadr_ineq_standard 0 (quadr_ineq_standard-1 nil 3287832816 3287854648 ("" (skosimp*) (("" (rewrite "quadr_expr_standard") (("" (prop) (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil) unchecked ((quadr_expr_standard formula-decl nil common_defs nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil)) 566 550 nil nil)) (quadr_eq_standard 0 (quadr_eq_standard-1 nil 3287832816 3287854649 ("" (skosimp*) (("" (rewrite "quadr_expr_standard") (("" (grind :theories "real_props") nil nil)) nil)) nil) unchecked ((quadr_expr_standard formula-decl nil common_defs nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (sq const-decl "nonneg_real" sq "reals/")) 882 840 nil nil)) (THETA_main 0 (THETA_main-1 nil 3287832816 3287854650 ("" (skosimp*) (("" (rewrite "quadr_eq_standard") (("" (lemma "quadratic_eq_0") (("" (inst -1 "(sq(v!1`x) + sq(v!1`y))" "2 * (s!1`x * v!1`x ) + 2 * (s!1`y * v!1`y)" "sq(s!1`x) + sq(s!1`y) - sq(D)" "t!1") (("1" (case "disc(s!1, v!1) >= 0") (("1" (rewrite "THETA1_char") (("1" (rewrite "THETA2_char") (("1" (rewrite 
"disc_char") (("1" (assert) (("1" (replace -2 :hide? t) (("1" (prop) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide -1) (("2" (assert) (("2" (expand "hor_speed_gt_0?") (("2" (lemma "a_gt_0_discr_ge_0") (("2" (inst - "sq(v!1`x) + sq(v!1`y)" "2 * (s!1`x * v!1`x) + 2 * (s!1`y * v!1`y)" "sq(s!1`x) + sq(s!1`y) - sq(D)" "t!1") (("1" (rewrite "disc_char") (("1" (replace 1 :hide? t) (("1" (assert) nil nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "hor_speed_gt_0?") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((quadr_eq_standard formula-decl nil common_defs nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (a_gt_0_discr_ge_0 formula-decl nil quadratic "reals/") (THETA1_char formula-decl nil common_defs nil) (disc_char formula-decl nil common_defs nil) (THETA2_char formula-decl nil common_defs nil) (disc const-decl "real" common_defs nil) (quadratic_eq_0 formula-decl nil quadratic "reals/")) 1231 1180 nil nil)) (hor_sep_standard 0 (hor_sep_standard-1 nil 3287832816 3287854651 ("" (skosimp*) (("" (expand "hor_sep?") (("" (expand* "+" "*") (("" (rewrite "quadr_ineq_standard") nil nil)) nil)) nil)) nil) unchecked ((hor_sep? const-decl "bool" criteria nil) (quadr_ineq_standard formula-decl nil common_defs nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil)) 513 470 nil nil)) (infer_hor_movement 0 (infer_hor_movement-1 nil 3287832816 3287854651 ("" (skosimp*) (("" (expand "hor_speed_gt_0?") (("" (use "sq_plus_eq_0") (("" (assert) (("" (flatten) (("" (expand "hor_sep?") (("" (expand* "+" "*") (("" (replace*) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((hor_speed_gt_0? const-decl "bool" criteria nil) (hor_sep? 
const-decl "bool" criteria nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (sq_plus_eq_0 formula-decl nil sq "reals/")) 211 200 nil nil)) (exploit_hor_conflict 0 (exploit_hor_conflict-1 nil 3287832816 3287854925 ("" (skosimp*) (("" (use "infer_hor_movement") (("" (assert) (("" (rewrite "hor_sep_standard") (("" (rewrite "disc_char") (("" (expand "hor_speed_gt_0?") (("" (expand "hor_sep?") (("" (lemma "quadratic_ge_0") (("" (expand "root") (("" (inst - "sq(x(v!1))+sq(y(v!1))" "2*(x(s!1)*x(v!1)+y(s!1)*y(v!1))" "sq(x(s!1)) + sq(y(s!1)) - sq(D)" "t!1") (("1" (replace -1 :hide? t) (("1" (assert) (("1" (lemma "root_eq") (("1" (inst?) (("1" (case "discr(sq(x(v!1)) + sq(y(v!1)), 2 * (x(s!1) * x(v!1)) + 2 * (y(s!1) * y(v!1)), sq(x(s!1)) + sq(y(s!1)) - sq(D)) = 0") (("1" (replace*) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((infer_hor_movement formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (hor_sep_standard formula-decl nil common_defs nil) (hor_speed_gt_0? 
const-decl "bool" criteria nil) (quadratic_ge_0 formula-decl nil quadratic "reals/") (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (D const-decl "posreal" criteria nil) (sqrt_0 formula-decl nil sqrt "reals/") (discr const-decl "real" quadratic "reals/") (= const-decl "[T, T -> boolean]" equalities nil) (root_eq formula-decl nil quadratic "reals/") (root const-decl "real" quadratic "reals/") (hor_sep? const-decl "bool" criteria nil) (disc_char formula-decl nil common_defs nil)) 201706 5090 t nil)) (hor_sep_char_TCC1 0 (hor_sep_char_TCC1-1 nil 3287832816 3287854652 ("" (skosimp*) (("" (expand "THETA_defined?") (("" (assert) nil nil)) nil)) nil) unchecked ((THETA_defined? const-decl "bool" common_defs nil)) 16 20 nil nil)) (hor_sep_char 0 (hor_sep_char-1 nil 3287832816 3287854653 ("" (skosimp*) (("" (case "hor_speed_gt_0?(v!1) AND disc(s!1,v!1) > 0") (("1" (flatten) (("1" (assert) (("1" (rewrite "THETA1_char") (("1" (rewrite "THETA2_char") (("1" (rewrite "hor_sep_standard") (("1" (lemma "quadratic_ge_0") (("1" (inst - "sq(x(v!1))+sq(y(v!1))" "2*(x(s!1)*x(v!1)+y(s!1)*y(v!1))" "sq(x(s!1)) + sq(y(s!1)) - sq(D)" "t!1") (("1" (replace -1 :hide? 
t) (("1" (rewrite "disc_char") (("1" (expand "hor_sep?") (("1" (expand "hor_speed_gt_0?") (("1" (assert) (("1" (prop) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "hor_speed_gt_0?") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (case "hor_sep?(s!1 + t!1 * v!1)") (("1" (replace -1 :hide? t) (("1" (assert) (("1" (flatten) (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (hide 3) (("2" (use "infer_hor_movement") (("2" (prop) (("2" (use "exploit_hor_conflict") (("2" (prop) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((disc const-decl "real" common_defs nil) (> const-decl "bool" reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (THETA2_char formula-decl nil common_defs nil) (quadratic_ge_0 formula-decl nil quadratic "reals/") (hor_sep? 
const-decl "bool" criteria nil) (disc_char formula-decl nil common_defs nil) (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (hor_sep_standard formula-decl nil common_defs nil) (THETA1_char formula-decl nil common_defs nil) (exploit_hor_conflict formula-decl nil common_defs nil) (infer_hor_movement formula-decl nil common_defs nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil)) 753 690 nil nil)) (exploit_pred_conflict 0 (exploit_pred_conflict-1 nil 3287832816 3287854653 ("" (skosimp*) (("" (expand "pred_sep?") (("" (skosimp*) (("" (hide 2) (("" (expand "THETA_defined?") (("" (use "infer_hor_movement") (("" (use "exploit_hor_conflict") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((pred_sep? const-decl "bool" common_defs nil) (infer_hor_movement formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (exploit_hor_conflict formula-decl nil common_defs nil) (THETA_defined? 
const-decl "bool" common_defs nil)) 59 50 nil nil)) (exploit_pred_conflict2 0 (exploit_pred_conflict2-1 nil 3287832816 3287854653 ("" (skosimp*) (("" (expand "pred_sep?") (("" (skosimp*) (("" (hide 2) (("" (expand "THETA_defined?") (("" (use "infer_hor_movement") (("" (use "exploit_hor_conflict") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((pred_sep? const-decl "bool" common_defs nil) (infer_hor_movement formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (exploit_hor_conflict formula-decl nil common_defs nil) (THETA_defined? const-decl "bool" common_defs nil)) 54 50 nil nil)) (sep_connection 0 (sep_connection-1 nil 3287832816 3287854653 ("" (skosimp*) (("" (expand "pred_sep?") (("" (skosimp*) (("" (expand "separation?") (("" (inst -1 "t!1") (("" (prop) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((pred_sep? const-decl "bool" common_defs nil) (separation? const-decl "bool" criteria nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 38 40 nil nil)) (all_entry_exit 0 (all_entry_exit-1 nil 3287832816 3287854653 ("" (skosimp*) (("" (grind) nil nil)) nil) unchecked ((hor_pass? 
const-decl "bool" criteria nil)) 193 190 nil nil)) (hor_pass_indeed_TCC1 0 (hor_pass_indeed_TCC1-1 nil 3287832816 3287854653 ("" (skosimp*) (("" (use "infer_hor_movement") (("" (use "exploit_hor_conflict") (("" (expand "THETA_defined?") (("" (assert) nil nil)) nil)) nil)) nil)) nil) unchecked ((infer_hor_movement formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (THETA_defined? const-decl "bool" common_defs nil) (exploit_hor_conflict formula-decl nil common_defs nil)) 46 30 nil nil)) (hor_pass_indeed 0 (hor_pass_indeed-1 nil 3287832816 3287854655 ("" (skosimp*) (("" (use "infer_hor_movement") (("" (use "exploit_hor_conflict") (("" (prop) (("" (expand "hor_pass?") (("" (expand* "+" "*") (("" (expand "hor_sep?") (("" (case "s!1`x * v!1`x * eps!1 + s!1`y * v!1`y * eps!1 + v!1`x * v!1`x * THETA(s!1, v!1, eps!1) * eps!1 + v!1`y * v!1`y * THETA(s!1, v!1, eps!1) * eps!1 = s!1`x * v!1`x * eps!1 + s!1`y * v!1`y * eps!1 + (2*sq(v!1`x) + 2*sq(v!1`y)) * THETA(s!1, v!1, eps!1) * eps!1/2") (("1" (replace -1 :hide? t) (("1" (case "THETA(s!1, v!1, eps!1) = (-2 * (s!1`x * v!1`x) - 2 * (s!1`y * v!1`y) + eps!1 * sqrt(disc(s!1, v!1))) / (2 * sq(v!1`x) + 2 * sq(v!1`y))") (("1" (replace -1 :hide? t) (("1" (rewrite "div_cancel1" 2) (("1" (assert) (("1" (case "(-2 * (s!1`x * v!1`x * eps!1) - 2 * (s!1`y * v!1`y * eps!1) + sqrt(disc(s!1, v!1)) * eps!1 * eps!1) / 2 = -1 * (s!1`x * v!1`x * eps!1 + s!1`y * v!1`y * eps!1) + sqrt(disc(s!1, v!1)) * eps!1 * eps!1 / 2") (("1" (replace -1 :hide? t) (("1" (assert) (("1" (case "sqrt(disc(s!1, v!1)) * eps!1 * eps!1 / 2 = sqrt(disc(s!1, v!1)) / 2") (("1" (replace -1 :hide? 
t) (("1" (assert) nil nil)) nil) ("2" (hide 3) (("2" (typepred "eps!1") (("2" (split -) (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 3) (("2" (mult-by 1 "2") nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "THETA") (("2" (propax) nil nil)) nil) ("3" (assert) (("3" (expand "hor_speed_gt_0?") (("3" (assert) nil nil)) nil)) nil) ("4" (assert) nil nil)) nil)) nil) ("2" (hide 3) (("2" (expand "sq" 1) (("2" (mult-by 1 "2") nil nil)) nil)) nil) ("3" (expand "THETA_defined?") (("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((infer_hor_movement formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (THETA const-decl "real" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (THETA_defined? 
const-decl "bool" common_defs nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (sqrt const-decl "{nnz | nnz * nnz = nnx}" sqrt "reals/") (disc const-decl "real" common_defs nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel1 formula-decl nil real_props nil) (NOT const-decl "[bool -> bool]" booleans nil) (div_cancel2 formula-decl nil real_props nil) (both_sides_times1 formula-decl nil real_props nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (hor_sep? const-decl "bool" criteria nil) (hor_pass? const-decl "bool" criteria nil) (exploit_hor_conflict formula-decl nil common_defs nil)) 1865 1750 nil nil)) (entry_it_is 0 (entry_it_is-1 nil 3287832816 3287854656 ("" (skosimp*) (("" (lemma "hor_pass_indeed") (("" (inst?) (("" (assert) (("" (expand "entry_point?") (("" (expand "entry?") (("" (expand "hor_pass?") (("" (assert) (("" (expand "pred_sep?") (("" (skosimp*) (("" (inst?) 
(("" (assert) (("" (case-replace "t!1 = 0") (("1" (assert) (("1" (hide-all-but (-3 1)) (("1" (grind) nil nil)) nil)) nil) ("2" (assert) (("2" (lemma "THETA_main") (("2" (expand "on_cyl?") (("2" (inst -1 "s!1" "THETA(s!1,v!1,-1)" "v!1") (("2" (assert) (("2" (split -1) (("1" (assert) (("1" (expand "THETA_defined?") (("1" (flatten) (("1" (assert) (("1" (hide -1) (("1" (hide-all-but (-1 4)) (("1" (grind :exclude "THETA") nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "THETA_defined?") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((hor_pass_indeed formula-decl nil common_defs nil) (entry? const-decl "bool" criteria nil) (on_cyl? const-decl "bool" criteria nil) (THETA_defined? const-decl "bool" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (THETA const-decl "real" common_defs nil) (THETA_main formula-decl nil common_defs nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (pred_sep? const-decl "bool" common_defs nil) (hor_pass? const-decl "bool" criteria nil) (entry_point? 
const-decl "bool" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 844 800 nil nil)) (exit_it_is 0 (exit_it_is-1 nil 3287832816 3287854657 ("" (skosimp*) (("" (lemma "hor_pass_indeed") (("" (inst?) (("" (expand "pred_sep?") (("" (skosimp*) (("" (inst?) (("" (assert) (("" (case-replace "t!1 = 0") (("1" (assert) (("1" (hide-all-but (-3 1)) (("1" (grind) nil nil)) nil)) nil) ("2" (assert) (("2" (expand "exit_point?") (("2" (expand "exit?") (("2" (expand "hor_pass?") (("2" (assert) (("2" (hide -1) (("2" (lemma "THETA_main") (("2" (inst?) (("2" (inst -1 "THETA(s!1, v!1, 1)") (("2" (expand "THETA_defined?") (("2" (flatten) (("2" (assert) (("2" (hide-all-but (-1 4)) (("2" (grind :exclude "THETA") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((hor_pass_indeed formula-decl nil common_defs nil) (pred_sep? const-decl "bool" common_defs nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (hor_sep? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (exit_point? const-decl "bool" criteria nil) (hor_pass? 
const-decl "bool" criteria nil) (on_cyl? const-decl "bool" criteria nil) (THETA_defined? const-decl "bool" common_defs nil) (clash_type type-eq-decl nil common_defs nil) (THETA const-decl "real" common_defs nil) (THETA_main formula-decl nil common_defs nil) (exit? const-decl "bool" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil)) 865 810 nil nil)) (reaching_H 0 (reaching_H-1 nil 3287832816 3287854657 ("" (skosimp*) (("" (replaces -2) (("" (field 2) nil nil)) nil)) nil) unchecked nil 263 260 nil nil)) (vert_ge_H 0 (vert_ge_H-1 nil 3287832816 3287854659 ("" (skosimp*) (("" (replaces -1) (("" (expand* "+" "*") (("" (case "v!1`z >= 0") (("1" (case "t!1*v!1`z >= 0") (("1" (assert) nil nil) ("2" (real-props 1) (("2" (ground) nil nil)) nil)) nil) ("2" (case "s!1`z + t!1 * v!1`z >= s!1`z + tr!1 * v!1`z") (("1" (assert) nil nil) ("2" (hide 3) (("2" (real-props) (("2" (cancel-by 1 "v!1`z") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((Vect3 type-eq-decl nil Vectors nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field 
-> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (pos_times_ge formula-decl nil real_props nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (> const-decl "bool" reals nil) (div_mult_neg_le1 formula-decl nil real_props nil) (zero_times1 formula-decl nil real_props nil) (div_mult_neg_lt1 formula-decl nil real_props nil) (both_sides_times_neg_ge1 formula-decl nil real_props nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (negreal nonempty-type-eq-decl nil real_types nil) (< const-decl "bool" reals nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (<= const-decl "bool" reals nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (/= const-decl "boolean" notequal nil) (= const-decl "[T, T -> boolean]" equalities nil) (both_sides_plus_ge2 formula-decl nil real_props nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil)) 2204 1930 nil nil)) (vert_le_neg_H 0 (vert_le_neg_H-1 nil 3287832816 3287854659 ("" (skosimp*) (("" (lemma "vert_ge_H") (("" (inst -1 "s!1 WITH [z := -s!1`z]" "sr!1 WITH [z := -sr!1`z]" "t!1" "tr!1" "v!1 WITH [z := -v!1`z]") (("" (expand* "+" "*") (("" (replaces -2) (("" (beta) (("" (split -1) (("1" (assert) nil nil) ("2" (assert) nil nil) ("3" (assert) nil nil) ("4" (assert) nil nil) ("5" (propax) nil nil) ("6" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((vert_ge_H formula-decl nil common_defs nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields 
nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 236 210 nil nil)) (vert_pred 0 (vert_pred-1 nil 3287832816 3287854660 ("" (skolem 1 ("s" "sr" "tr" "v")) (("" (flatten) (("" (expand "pred_sep?") (("" (skolem 1 "t") (("" (flatten) (("" (hide 1) (("" (expand "vert_sep?") (("" (split -2) (("1" (flatten) (("1" (lemma "vert_ge_H") (("1" (inst?) (("1" (inst -1 "t") (("1" (expand* "+" "*") (("1" (split -1) (("1" (hide-all-but (-1 1)) (("1" (grind) nil nil)) nil) ("2" (propax) nil nil) ("3" (propax) nil nil) ("4" (propax) nil nil) ("5" (propax) nil nil) ("6" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "vert_le_neg_H") (("2" (inst?) (("2" (inst -1 "t") (("2" (split -1) (("1" (hide-all-but (-1 1)) (("1" (grind) nil nil)) nil) ("2" (propax) nil nil) ("3" (assert) nil nil) ("4" (assert) nil nil) ("5" (propax) nil nil) ("6" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((vert_ge_H formula-decl nil common_defs nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (vert_le_neg_H formula-decl nil common_defs nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? 
const-decl "bool" common_defs nil)) 325 260 nil nil)) (reaching_H_theta 0 (reaching_H_theta-1 nil 3287832816 3287854660 ("" (skosimp*) (("" (expand "theta") (("" (expand "abs") (("" (expand "sign") (("" (lift-if) (("" (lift-if) (("" (assert) (("" (lift-if) (("" (assert) (("" (typepred "eps!1") (("" (prop) (("1" (assert) nil nil) ("2" (assert) nil nil) ("3" (assert) nil nil) ("4" (assert) nil nil) ("5" (assert) (("5" (assert) nil nil)) nil) ("6" (assert) nil nil) ("7" (assert) nil nil) ("8" (assert) nil nil) ("9" (assert) nil nil) ("10" (assert) (("10" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((theta const-decl "real" criteria nil) (sign const-decl "Sign" sign nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil)) 485 460 nil nil)) (vertical_entry_exit_condition 0 (vertical_entry_exit_condition-1 nil 3287832816 3287854661 ("" (skosimp*) (("" (typepred "vz!1") (("" (flatten) (("" (expand "theta") (("" (case-replace "(sign(vz!1) * H * eps!1 - sz!1) / vz!1 * eps!1 * vz!1 * vz!1 = (sign(vz!1) * H * eps!1 - sz!1) * eps!1 * vz!1") 
(("1" (hide -1) (("1" (assert) (("1" (case-replace "sign(vz!1) * H * eps!1 * eps!1 * vz!1 = H * abs(vz!1)") (("1" (assert) nil nil) ("2" (hide 2 3) (("2" (typepred "eps!1") (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (field 1) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((nzreal nonempty-type-eq-decl nil reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (/= const-decl "boolean" notequal nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (theta const-decl "real" criteria nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (sign const-decl "Sign" sign nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil)) 515 480 nil nil)) (timeliness_TCC1 0 (timeliness_TCC1-1 nil 3287832816 3287854661 ("" (subtype-tcc) nil nil) unchecked ((boolean 
nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil)) 88 70 nil nil)) (timeliness 0 (timeliness-1 nil 3287832816 3287854661 ("" (skosimp*) (("" (cross-mult -1) (("" (cross-mult -2) (("" (grind) nil nil)) nil)) nil)) nil) unchecked ((* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil)) 409 350 nil nil)) (circle_correctness 0 (circle_correctness-1 nil 3287832816 3287854662 ("" (skosimp*) (("" (lemma "separation_lem") (("" (split) (("1" (inst - "s!1" "theta(-1,s!1`z, v!1`z)" "v!1") (("1" (assert) (("1" (lemma "ccc") (("1" (inst - "at(s!1, v!1, theta(-1,s!1`z, v!1`z))" "v!1") (("1" (expand "at") (("1" (expand "+ ") (("1" (expand "*") (("1" (lemma "reaching_H_theta") (("1" (inst - "-1" "s!1`z" "v!1`z") (("1" (assert) (("1" (flatten) (("1" (assert) (("1" (hide 1) (("1" (lemma "vertical_entry_exit_condition") (("1" (inst?) 
(("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil) ("2" (inst - "s!1" "theta(1,s!1`z, v!1`z)" "v!1") (("1" (assert) (("1" (lemma "ccc") (("1" (inst - "at(s!1, v!1, theta(1,s!1`z, v!1`z))" "v!1") (("1" (expand "at") (("1" (expand "+ ") (("1" (expand "*") (("1" (lemma "reaching_H_theta") (("1" (inst - "1" "s!1`z" "v!1`z") (("1" (assert) (("1" (flatten) (("1" (hide 2) (("1" (hide 2) (("1" (lemma "vertical_entry_exit_condition") (("1" (inst?) (("1" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil) unchecked ((separation_lem formula-decl nil criteria nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (/= const-decl "boolean" notequal nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (nzreal nonempty-type-eq-decl nil reals nil) (theta const-decl "real" criteria nil) (ccc formula-decl nil criteria nil) (* const-decl "Vect3" Vectors nil) (vertical_entry_exit_condition formula-decl nil common_defs nil) (reaching_H_theta formula-decl nil common_defs nil) (+ const-decl "Vect3" Vectors nil) (at const-decl "Vect3" 
criteria nil)) 861 800 nil nil)) (Pick_Root_lem 0 (Pick_Root_lem-1 nil 3311089718 3311089725 ("" (skosimp*) (("" (expand "Pick_Root") (("" (assert) nil nil)) nil)) nil) proved ((Pick_Root const-decl "real" common_defs nil)) 6852 720 t shostak)))
$$$sign.pvs
% Theory sign: a two-valued sign type, the sign function on reals, and two
% lemmas relating abs and sign to products.  The criteria theory in this
% dump imports it.
%
% NOTE(review): both proof entries stored under $$$sign.prf in this dump
% (abs_plus-1, sign_times-1) are recorded with status `unchecked`; re-run
% them before relying on the lemmas.
sign : THEORY
BEGIN

  % Sign is the subtype of int holding exactly the two values 1 and -1.
  Sign : TYPE = {i:int|i=1 OR i=-1}

  x, y: VAR real

  % sign(x) is 1 for x > 0 and -1 otherwise.  There is no zero case, so
  % sign(0) = -1.
  sign(x): Sign = IF x > 0 THEN 1 ELSE -1 ENDIF

  % abs is additive when x and y do not have strictly opposite signs.
  % abs is not declared in this theory; the dependency list of abs_plus in
  % sign.prf resolves it to real_defs.
  abs_plus: LEMMA x*y >= 0 IMPLIES abs(x+y) = abs(x) + abs(y)

  % sign is multiplicative on nonzero products.  The hypothesis is needed:
  % with x = 0 and y = -1, sign(x*y) = sign(0) = -1 while
  % sign(x)*sign(y) = (-1)*(-1) = 1.
  sign_times: LEMMA x*y /= 0 IMPLIES sign(x*y) = sign(x)*sign(y)

END sign
$$$sign.prf
(sign (abs_plus 0 (abs_plus-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "abs") (("" (rewrite "pos_times_ge" -1) (("" (prop) (("1" (assert) (("1" (case "x!1 = 0 OR y!1 = 0") (("1" (split -) (("1" (replace*) (("1" (assert) nil nil)) nil) ("2" (replace*) (("2" (assert) nil nil)) nil)) nil) ("2" (flatten) (("2" (assert) nil nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil) unchecked ((abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (pos_times_ge formula-decl nil real_props nil)) nil nil nil nil)) (sign_times 0 (sign_times-1 nil 3287930046 nil ("" (skosimp*) (("" (expand "sign") (("" (case "x!1 * y!1 > 0") (("1" (assert) (("1" (rewrite "pos_times_gt" -1) (("1" (prop) (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil) ("2" (assert) (("2" (rewrite "pos_times_gt" 1) (("2" (prop) (("1" (assert) nil nil) ("2" (assert) nil nil) ("3" (assert) nil nil) ("4" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((sign const-decl "Sign" sign nil)
(pos_times_gt formula-decl nil real_props nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (> const-decl "bool" reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil)) nil nil nil nil)))
$$$Vectors.pvs
% Theory Vectors: 3-D real vectors as a record type, with componentwise
% negation, addition and subtraction, a dot product, scalar multiplication,
% and four distributivity lemmas.
%
% NOTE(review): the four proof entries stored under $$$Vectors.prf in this
% dump are all recorded with status `unchecked`; re-run them before relying
% on the lemmas.
Vectors : THEORY
BEGIN

  x,y,z : VAR real

  % A vector is a record with three real fields x, y and z.
  Vect3 : TYPE = [# x,y,z:real #]

  % vect3 is referenced only by the disabled toVect2 declaration below.
  vect3 : VAR Vect3

  % Disabled: a 2-D vector type with conversions to and from Vect3.
  % Vect2 : TYPE = [#
  %   x,y:real
  % #]
  % vect2 : VAR Vect2
  % toVect3(vect2) : Vect3 = (#
  %   x := vect2`x,
  %   y := vect2`y,
  %   z := 0
  % #)
  % toVect2(vect3) : Vect2 = (#
  %   x := vect3`x,
  %   y := vect3`y
  % #)
  % CONVERSION toVect3
  % CONVERSION toVect2

  v,w : VAR Vect3
  a,b : VAR real

  % Operator overloads on Vect3.  Each definition ends with `;` so that the
  % operator symbol opening the next declaration is not parsed as a
  % continuation of the current expression.

  % Unary minus: negates every component.
  -(v): Vect3=(# x := -v`x,
                 y := -v`y,
                 z := -v`z #) ;

  % Componentwise sum.
  +(v,w):Vect3=(# x:= v`x + w`x,
                  y:= v`y + w`y,
                  z:= v`z + w`z #);

  % Componentwise difference.
  -(v,w):Vect3=(# x:= v`x - w`x,
                  y:= v`y - w`y,
                  z:= v`z - w`z #);

  % Dot product of two vectors (result is a real).
  *(v,w):real = v`x * w`x + v`y * w`y + v`z * w`z;

  % Scalar multiplication, scalar on the left.  No overload with the scalar
  % on the right is declared in this theory.
  *(a,w):Vect3=(# x:= a * w`x,
                  y:= a * w`y,
                  z:= a * w`z #)

  % Squared norm over all three components; v*v resolves to the dot product
  % because both arguments are Vect3.
  sq_norm(v):real = v*v

  % Squared norm over the x and y components only (z is ignored).
  sq_norm2(v):real = v`x*v`x + v`y*v`y

  % Scalar multiplication distributes over vector sum and difference.
  vect_dist    : LEMMA a*(v+w) = a*v + a*w
  vect_dist_sub: LEMMA a*(v-w) = a*v - a*w

  % Scalar multiplication distributes over scalar sum and difference.
  vect_split_add: LEMMA (a+b)*v = a*v + b*v
  vect_split_sub: LEMMA (a-b)*v = a*v - b*v

END Vectors
$$$Vectors.prf
(Vectors (vect_dist 0 (vect_dist-1 nil 3287930046 nil ("" (grind) nil nil) unchecked ((+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil)) nil nil nil nil)) (vect_dist_sub 0 (vect_dist_sub-1 nil 3287930046 nil ("" (grind) nil nil) unchecked ((* const-decl "Vect3" Vectors nil)) nil nil nil nil)) (vect_split_add 0 (vect_split_add-1 nil 3287930046 nil ("" (grind) nil nil) unchecked ((* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil)) nil nil nil nil))
(vect_split_sub 0 (vect_split_sub-1 nil 3287930046 nil ("" (grind) nil nil) unchecked ((* const-decl "Vect3" Vectors nil)) nil nil nil nil)))
$$$criteria.pvs
% Theory criteria: separation predicates for a point moving on a straight
% line relative to a cylindrical protected zone, and the theorems stating
% when such a trajectory stays outside the zone.
%
% s is presumably a relative position and v a relative velocity (the VAR
% comments in hd_only_prop use the names that way) -- confirm.
% sq is not declared here; the proof dependency lists in criteria.prf
% resolve it to the sq theory under "reals/".
%
% NOTE(review): the criteria.prf entries that follow in this dump
% (vert_pass_criterion through tau_is_tangent_pt, as far as shown) are
% recorded with status `unchecked`; re-run the proof chain before treating
% these theorems as established.
criteria : THEORY
BEGIN

  IMPORTING reals@sqrt,Vectors,sign

  % D and H are uninterpreted positive constants: nothing in this theory
  % fixes their values.
  D : posreal      %% Half the diameter of the protected zone (its radius)
  H : posreal      %% Half the height of the protected zone

  s,sr,v,vr: VAR Vect3
  t  : VAR real
  sz : VAR real
  vz : VAR nzreal  % nonzero, so theta below never divides by zero
  eps : VAR Sign   % 1 or -1; selects entry (-1) or exit (1) below

  %% Protected zone (disabled definition, kept for reference): the open
  %% cylinder of radius D and half-height H centred on the origin.
  % P: set[Vect3] = { s | sq(s`x)+sq(s`y) < sq(D) AND abs(s`z) < H}

  % Point reached from s after moving with velocity v for time t.
  at(s,v,t) : Vect3 = s+t*v

  hor_sep?(s)  : bool = sq(s`x) + sq(s`y) >= sq(D)  % horizontal separation
  vert_sep?(s) : bool = abs(s`z) >= H               % vertical separation

  % The whole line through s with direction v avoids the protected zone.
  % t ranges over all reals, so negative times are included as well.
  separation?(s,v): bool =
    (FORALL t: hor_sep?(s+t*v) OR vert_sep?(s+t*v))

  %%%% Vertical Criteria (Lemma 3.1)

  %% entering and exiting the infinite slice vertically
  % vert_entry?(s,v): bool = s`z*v`z <= 0
  % vert_exit?(s,v): bool = s`z*v`z >= 0

  %% eps = -1: entry, eps = 1: exit.
  %% Single predicate replacing the two disabled ones above.
  vert_pass?(eps,s,v): bool = eps*s`z*v`z >= 0

  % we have vertical separation in the cases:
  % eps = -1: for t <= 0 if vert. entry
  % eps = 1: for t >= 0 if vert. exit
  vert_pass_criterion : THEOREM
    vert_sep?(s) AND vert_pass?(eps,s,v) AND eps*t >= 0
    IMPLIES vert_sep?(s+t*v)

  %%%% Horizontal Criteria (Lemma 3.2)

  %% a point is on the lateral surface of the infinite cylinder
  on_cyl?(s): bool = sq(s`x) + sq(s`y) = sq(D)

  %% entering and exiting the infinite cylinder horizontally
  % hor_entry?(s,v): bool = s`x*v`x + s`y*v`y <= 0
  % hor_exit?(s,v): bool = s`x*v`x + s`y*v`y >= 0

  %% eps = -1: entry, eps = 1: exit.
  %% Single predicate replacing the two disabled ones above.
  hor_pass?(eps,s,v): bool = eps*(s`x*v`x + s`y*v`y) >= 0

  % we have horizontal separation ...
  % eps = -1: for t <= 0 if hor. entry
  % eps = 1: for t >= 0 if hor. exit
  hor_pass_criterion : THEOREM
    hor_sep?(s) AND hor_pass?(eps,s,v) AND eps*t >= 0
    IMPLIES hor_sep?(s+t*v)

  hor_speed_gt_0?(v) : bool =   % horizontal speed > 0
    sq(v`x) + sq(v`y) > 0

  %% Time of Closest Approach (horizontal plane)
  %% g is restricted to the predicate subtype (hor_speed_gt_0?), which is
  %% what makes the divisor nonzero; criteria.prf carries the matching
  %% obligation as tau_TCC1.
  tau(s: Vect3 ,g: (hor_speed_gt_0?)):real=
    - (s`x*g`x + s`y*g`y) / (sq(g`x)+sq(g`y))

  %% Tangent Condition for a generic s,v
  tan_condition?(s,v):bool =   %% equation 4.8
    sq(D)*(sq(v`x)+sq(v`y)) = sq(s`x*v`y - s`y*v`x)

  %% Definition of theta: reaching altitude H,-H
  %% theta(eps,sz,vz) is the time t solving sz + t*vz = eps*sign(vz)*H.
  %% theta(1,sz,vz) - theta(-1,sz,vz) = 2*sign(vz)*H/vz, which is positive
  %% for every nonzero vz, so eps = -1 gives the earlier of the two times.
  theta(eps,sz,vz): real = (eps*sign(vz)*H - sz) / vz

  % NOTE(review): the collapsed dump does not show whether the next lemma
  % is disabled or merely preceded by an empty comment line.  criteria.prf
  % still carries a proof entry named theta_p_lt_theta_pp, so confirm
  % against the original file before treating it as removed.
  % theta_p_lt_theta_pp : LEMMA theta(-1,sz,vz) < theta(1,sz,vz)

  % Shifting the start point along the trajectory by time t shifts theta
  % by -t.  The hypothesis v`z /= 0 is required because theta's third
  % parameter has type nzreal.
  theta_translation: LEMMA v`z /= 0 IMPLIES
    theta(eps, at(s, v, t)`z, v`z) = theta(eps, s`z, v`z) - t

  %% (Line Case Correctness) Theorem 3.6
  %% s lies on the cylinder surface and its horizontal part is orthogonal
  %% to the horizontal part of v.
  tangent_point?(s,v):bool =
    sq(s`x) + sq(s`y) = sq(D) AND
    s`x*v`x + s`y*v`y = 0

  ve : VAR Vect3   % Relative escape velocity

  % Under the tangent condition, the point of closest horizontal approach
  % is a tangent point.
  tau_is_tangent_pt: LEMMA
    hor_speed_gt_0?(ve) AND tan_condition?(s,ve) IMPLIES
    tangent_point?(at(s, ve, tau(s,ve)), ve)

  line_case_correctness : THEOREM   %% Theorem 3.6
    tangent_point?(s,v) IMPLIES separation?(s,v)

  % Separated at s in both dimensions, with horizontal entry paired with
  % vertical exit, or horizontal exit paired with vertical entry.
  circle_case_correctness : THEOREM   %% Theorem 3.7
    hor_sep?(s) AND vert_sep?(s) AND
    ( (hor_pass?(-1,s,v) AND vert_pass?(1,s,v)) OR
      (hor_pass?(1,s,v) AND vert_pass?(-1,s,v)) )
    IMPLIES separation?(s,v)

  % separation? does not depend on which point of the line is taken as s.
  separation_lem: LEMMA separation?(s,v) IFF separation?(s+t*v,v)

  % ---------- ADDED BY RWB to facilitate integration ---------------

  % entry? and exit? state the same inequalities as hor_pass?(-1,s,v) and
  % hor_pass?(1,s,v) with eps multiplied out.
  entry?(s,v):bool = s`x*v`x + s`y*v`y <= 0
  exit?(s,v):bool = s`x*v`x + s`y*v`y >= 0

  entry_point?(s,v):bool = on_cyl?(s) AND entry?(s,v)
  exit_point?(s,v):bool = on_cyl?(s) AND exit?(s,v)

  % Variant of the circle case for a point on the cylinder surface;
  % abs(s`z) >= H is vert_sep?(s) unfolded, and s`z*v`z >= 0 / <= 0 are
  % vert_pass?(1,s,v) / vert_pass?(-1,s,v) unfolded.
  ccc: LEMMA
    abs(s`z) >= H AND
    ( (entry_point?(s,v) AND s`z*v`z >= 0) OR
      (exit_point?(s,v) AND s`z*v`z <= 0) )
    IMPLIES separation?(s,v)

  % Starting exactly at altitude H or -H: vertical separation holds for all
  % later times when moving away, and for all earlier times when moving in.
  vertical_criterion_sz_vz_ge_0 : THEOREM
    abs(s`z)=H AND s`z*v`z >=0 IMPLIES
    FORALL (t|t >= 0) : vert_sep?(s+t*v)

  vertical_criterion_sz_vz_le_0 : THEOREM
    abs(s`z)=H AND s`z*v`z <=0 IMPLIES
    FORALL (t|t <= 0) : vert_sep?(s+t*v)

END criteria
$$$criteria.prf
(criteria
(vert_pass_criterion 0 (vert_pass_criterion-1 nil 3287830556 3287831742 ("" (skosimp*) (("" (expand "vert_sep?") (("" (expand* "+" "*") (("" (expand "vert_pass?") (("" (lemma "abs_plus") (("" (inst?) (("" (split -) (("1" (replace -1 :hide? t) (("1" (assert) nil nil)) nil) ("2" (hide 2) (("2" (lemma "pos_times_ge") (("2" (inst - "z(s!1) * z(v!1) * eps!1" "eps!1 * t!1") (("2" (assert) (("2" (hide -4 -3 -2) (("2" (typepred "eps!1") (("2" (split -) (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((vert_sep? const-decl "bool" criteria nil) (vert_pass? const-decl "bool" criteria nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (numfield nonempty-type-eq-decl nil number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (NOT const-decl "[bool -> bool]" booleans nil) (pos_times_ge formula-decl nil real_props nil) (abs_plus formula-decl nil sign nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil)) 318 300 nil nil)) (hor_pass_criterion 0 (hor_pass_criterion-1 nil 3287830556 3287831743 ("" (skosimp*) (("" (expand "hor_sep?") (("" (expand* "+" "*") (("" (case 
"sq(s!1`x + t!1 * v!1`x) + sq(s!1`y + t!1 * v!1`y) = sq(s!1`x) + sq(s!1`y) + 2*t!1*(s!1`x * v!1`x + s!1`y * v!1`y) + sq(t!1*v!1`x) + sq(t!1*v!1`y)") (("1" (replace -1 :hide? t) (("1" (case "2 * t!1 * (s!1`x * v!1`x + s!1`y * v!1`y) >= 0") (("1" (assert) nil nil) ("2" (hide 2) (("2" (rewrite "pos_times_ge") (("2" (flatten) (("2" (expand "hor_pass?") (("2" (typepred "eps!1") (("2" (split -) (("1" (assert) nil nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 2) (("2" (hide-all-but 1) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((hor_sep? const-decl "bool" criteria nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (sq const-decl "nonneg_real" sq "reals/") (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (pos_times_ge formula-decl nil real_props nil) (hor_pass? 
const-decl "bool" criteria nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil)) 476 470 nil nil)) (tau_TCC1 0 (tau_TCC1-1 nil 3287830556 3287831743 ("" (subtype-tcc) nil nil) unchecked ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (hor_speed_gt_0? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/")) 146 140 nil nil)) (theta_p_lt_theta_pp 0 (theta_p_lt_theta_pp-1 nil 3287830556 3287831750 ("" (skosimp*) (("" (expand "theta") (("" (case "vz!1 > 0") (("1" (expand "sign") (("1" (assert) (("1" (field 1) nil nil)) nil)) nil) ("2" (expand "sign") (("2" (assert) (("2" (field 2) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((theta const-decl "real" criteria nil) (both_sides_times_neg_ge1_imp formula-decl nil extra_real_props "Manip/") (nonpos_real nonempty-type-eq-decl nil real_types nil) (<= const-decl "bool" reals nil) (sign const-decl "Sign" sign nil) (= const-decl "[T, T -> boolean]" equalities nil) (both_sides_times_pos_ge1_imp formula-decl nil extra_real_props "Manip/") (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (- const-decl "[numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil 
number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (< const-decl "bool" reals nil) (div_cancel2 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (> const-decl "bool" reals nil) (/= const-decl "boolean" notequal nil) (nzreal nonempty-type-eq-decl nil reals nil)) 6877 6710 nil nil)) (theta_translation 0 (theta_translation-1 nil 3287830556 3287831752 ("" (skosimp*) (("" (expand "theta") (("" (field 2) (("" (expand "at") (("" (assert) (("" (expand "+ ") (("" (expand "*") (("" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((theta const-decl "real" criteria nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (neg_mult formula-decl nil extra_tegies "Field/") (one_times formula-decl nil extra_tegies "Field/") (div_cancel2 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans 
nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (sign const-decl "Sign" sign nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (H const-decl "posreal" criteria nil) (at const-decl "Vect3" criteria nil) (both_sides_times1 formula-decl nil real_props nil) (/= const-decl "boolean" notequal nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (= const-decl "[T, T -> boolean]" equalities nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil)) 1875 1760 nil nil)) (tau_is_tangent_pt 0 (tau_is_tangent_pt-1 nil 3287830556 3287832526 ("" (skosimp*) (("" (expand "hor_speed_gt_0?") (("" (case "sq(x(ve!1)) + sq(y(ve!1)) > 0") (("1" (expand "tan_condition?") (("1" (factor -3) (("1" (div-by -3 "sq(x(ve!1)) + sq(y(ve!1))") (("1" (expand "tangent_point?") (("1" (split) (("1" (expand "at") (("1" (expand "tau") (("1" (expand "+") (("1" (expand "*") (("1" (case "s!1`x + -(x(s!1) * x(ve!1) + y(s!1) * y(ve!1)) / (sq(x(ve!1)) + sq(y(ve!1))) * ve!1`x = ve!1`y*(s!1`x*ve!1`y-s!1`y*ve!1`x) / (sq(x(ve!1)) + sq(y(ve!1)))") (("1" (replace -1 1) (("1" (hide -1) (("1" (case "s!1`y + -(x(s!1) * x(ve!1) + y(s!1) * y(ve!1)) / (sq(x(ve!1)) + sq(y(ve!1))) * ve!1`y = -ve!1`x*(s!1`x * ve!1`y - s!1`y * ve!1`x) / (sq(x(ve!1)) + sq(y(ve!1)))") (("1" (replace -1 1) (("1" (hide -1) (("1" (lemma "sq_div") (("1" (inst - "ve!1`y * (s!1`x * ve!1`y - s!1`y * ve!1`x)" "(sq(x(ve!1)) + sq(y(ve!1)))") (("1" (assert) (("1" (replace -1 1) (("1" (hide -1) (("1" (lemma "sq_div") (("1" (inst - "(s!1`x * ve!1`y * -ve!1`x - s!1`y * ve!1`x * -ve!1`x)" "(sq(x(ve!1)) + sq(y(ve!1)))") (("1" 
(assert) (("1" (replace -1 1) (("1" (hide -1) (("1" (replace -3 1) (("1" (hide -2 -3) (("1" (field 1) (("1" (grind) nil nil) ("2" (reveal -1 -2) (("2" (hide -3) (("2" (replace -2) (("2" (hide -2) (("2" (expand "sq") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("3" (name "sqxy" "(sq(x(ve!1)) + sq(y(ve!1)))") (("3" (replace -1) (("3" (hide -1) (("3" (expand "sq") (("3" (assert) (("3" (mult-cases -1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 1)) (("2" (mult-by 1 "(sq(x(ve!1)) + sq(y(ve!1)))") (("2" (field 1) (("2" (expand "sq") (("2" (real-props 1) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 1)) (("2" (mult-by 1 "(sq(x(ve!1)) + sq(y(ve!1)))") (("2" (field 1) (("2" (expand "sq") (("2" (propax) nil nil)) nil)) nil)) nil)) nil) ("3" (assert) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "at") (("2" (expand "+ ") (("2" (expand "*") (("2" (expand "tau") (("2" (factor 1 l (3 4)) (("1" (move-terms 1 l (2 3)) (("1" (case "(ve!1`x * x(ve!1) + ve!1`y * y(ve!1)) = (sq(x(ve!1)) + sq(y(ve!1)))") (("1" (replace -1 1) (("1" (field 1) nil nil)) nil) ("2" (hide-all-but 1) (("2" (expand "sq") (("2" (propax) nil nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil)) nil)) nil)) nil) unchecked ((hor_speed_gt_0? const-decl "bool" criteria nil) (tan_condition? 
const-decl "bool" criteria nil) (both_sides_div1 formula-decl nil real_props nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/= const-decl "boolean" notequal nil) (times_div_cancel2 formula-decl nil extra_real_props "Manip/") (tau const-decl "real" criteria nil) (* const-decl "Vect3" Vectors nil) (zero_times3 formula-decl nil real_props nil) (mult_neg formula-decl nil extra_tegies "Field/") (nonzero_times3 formula-decl nil real_props nil) (both_sides_times1 formula-decl nil real_props nil) (AND const-decl "[bool, bool -> bool]" booleans nil) (nnreal type-eq-decl nil real_types nil) (sq_div formula-decl nil sq "reals/") (div_cancel2 formula-decl nil real_props nil) (- const-decl "[numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (+ const-decl "Vect3" Vectors nil) (at const-decl "Vect3" criteria nil) (tangent_point? 
const-decl "bool" criteria nil) (D const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (bool nonempty-type-eq-decl nil booleans nil) (> const-decl "bool" reals nil) (numfield nonempty-type-eq-decl nil number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (sq const-decl "nonneg_real" sq "reals/") (Vect3 type-eq-decl nil Vectors nil)) 605975 75610 t nil)) (line_case_correctness 0 (line_case_correctness-1 nil 3287830556 3287831773 ("" (expand "separation?") (("" (skosimp*) (("" (hide 2) (("" (expand "tangent_point?") (("" (flatten) (("" (lemma "hor_pass_criterion") (("" (inst?) (("" (expand "hor_sep?") (("" (expand "hor_pass?") (("" (case "t!1 >= 0") (("1" (inst - "1") (("1" (assert) nil nil)) nil) ("2" (inst - "-1") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((tangent_point? const-decl "bool" criteria nil) (hor_pass_criterion formula-decl nil criteria nil) (hor_sep? 
const-decl "bool" criteria nil) (bool nonempty-type-eq-decl nil booleans nil) (>= const-decl "bool" reals nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (hor_pass? const-decl "bool" criteria nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil) (separation? const-decl "bool" criteria nil)) 381 360 nil nil)) (circle_case_correctness 0 (circle_case_correctness-1 nil 3287830556 3287831773 ("" (expand "separation?") (("" (skosimp*) (("" (prop) (("1" (case "t!1 >= 0") (("1" (lemma "vert_pass_criterion") (("1" (inst?) (("1" (inst - "1") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (lemma "hor_pass_criterion") (("2" (inst?) (("2" (inst - "-1") (("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (case "t!1 >= 0") (("1" (lemma "hor_pass_criterion") (("1" (inst?) (("1" (inst - "1") (("1" (assert) nil nil)) nil)) nil)) nil) ("2" (lemma "vert_pass_criterion") (("2" (inst?) 
(("2" (inst - "-1") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (vert_pass_criterion formula-decl nil criteria nil) (hor_pass_criterion formula-decl nil criteria nil) (separation? 
const-decl "bool" criteria nil)) 332 260 nil nil)) (separation_lem 0 (separation_lem-1 nil 3287830556 3287831773 ("" (skosimp*) (("" (prop) (("1" (expand "separation?") (("1" (skosimp*) (("1" (inst -1 "t!1+t!2") (("1" (case "s!1 + (t!1 + t!2) * v!1 = s!1 + t!1 * v!1 + t!2 * v!1") (("1" (replace*) nil nil) ("2" (hide-all-but 1) (("2" (expand* "+" "-" "*") nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "separation?") (("2" (skosimp*) (("2" (inst -1 "t!2-t!1") (("2" (case "s!1 + t!1 * v!1 + (t!2 - t!1) * v!1 = s!1 + t!2 * v!1") (("1" (replace*) nil nil) ("2" (hide-all-but 1) (("2" (expand* "+" "-" "*") nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (= const-decl "[T, T -> boolean]" equalities nil) (Vect3 type-eq-decl nil Vectors nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (separation? const-decl "bool" criteria nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil)) 369 340 nil nil)) (ccc 0 (ccc-1 nil 3287830556 3287831774 ("" (skosimp*) (("" (lemma "circle_case_correctness") (("" (inst?) (("" (assert) (("" (hide 2) (("" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) unchecked ((circle_case_correctness formula-decl nil criteria nil) (vert_pass? const-decl "bool" criteria nil) (hor_pass? const-decl "bool" criteria nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (sq const-decl "nonneg_real" sq "reals/") (on_cyl? const-decl "bool" criteria nil) (entry? const-decl "bool" criteria nil) (entry_point? const-decl "bool" criteria nil) (exit? 
const-decl "bool" criteria nil) (exit_point? const-decl "bool" criteria nil) (vert_sep? const-decl "bool" criteria nil) (hor_sep? const-decl "bool" criteria nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 555 550 nil nil)) (vertical_criterion_sz_vz_ge_0 0 (vertical_criterion_sz_vz_ge_0-1 nil 3287830556 3287831785 ("" (skolem 1 ("s" "v")) (("" (flatten) (("" (skolem 1 "T") (("" (typepred "T") (("" (expand "vert_sep?") (("" (expand* "+" "*") (("" (expand "abs") (("" (lift-if) (("" (real-props) (("" (ground) (("1" (replaces -5 :dir rl) (("1" (both-sides "+" "s`z") (("1" (real-props) (("1" (neg-formula 1) nil nil)) nil)) nil)) nil) ("2" (hide 2) (("2" (case " T * v`z <= 0") (("1" (assert) nil nil) ("2" (hide 2) (("2" (real-props) nil nil)) nil)) nil)) nil) ("3" (replaces -4 :dir rl) (("3" (case " T * v`z >= 0") (("1" (assert) nil nil) ("2" (real-props) nil nil)) nil)) nil) ("4" (replaces -3 :dir rl) (("4" (both-sides "-" "s`z" 2) (("4" (real-props) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((>= const-decl "bool" reals nil) (real nonempty-type-from-decl nil reals nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number nonempty-type-decl nil numbers nil) (NOT const-decl "[bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (boolean nonempty-type-decl nil booleans nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (Vect3 type-eq-decl nil Vectors nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (both_sides_plus_ge1 formula-decl nil real_props 
nil) (negreal nonempty-type-eq-decl nil real_types nil) (< const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (<= const-decl "bool" reals nil) (both_sides_times_neg_ge1 formula-decl nil real_props nil) (neg_times_ge formula-decl nil real_props nil) (neg_neg formula-decl nil extra_tegies "Field/") (mult_neg formula-decl nil extra_tegies "Field/") (zero_is_neg_zero formula-decl nil real_props nil) (one_times formula-decl nil extra_tegies "Field/") (neg_mult formula-decl nil extra_tegies "Field/") (add_neg formula-decl nil extra_tegies "Field/") (neg_times_le formula-decl nil real_props nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (both_sides_plus_ge2 formula-decl nil real_props nil) (both_sides_minus_ge1 formula-decl nil real_props nil) (pos_times_ge formula-decl nil real_props nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (vert_sep? const-decl "bool" criteria nil)) 11339 8570 nil nil)) (vertical_criterion_sz_vz_le_0 0 (vertical_criterion_sz_vz_le_0-1 nil 3287830556 3287831785 ("" (skolem 1 ("s" "v")) (("" (flatten) (("" (lemma "vertical_criterion_sz_vz_ge_0") (("" (inst -1 "s" "v WITH [z := -v`z]") (("" (split -1) (("1" (skolem 1 "T") (("1" (inst -1 "-T") (("1" (expand "vert_sep?") (("1" (expand* "+" "*") (("1" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (propax) nil nil) ("3" (hide -1 2) (("3" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) unchecked ((real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield -> numfield]" number_fields nil) (vert_sep? 
const-decl "bool" criteria nil) (+ const-decl "Vect3" Vectors nil) (* const-decl "Vect3" Vectors nil) (<= const-decl "bool" reals nil) (>= const-decl "bool" reals nil) (bool nonempty-type-eq-decl nil booleans nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (vertical_criterion_sz_vz_ge_0 formula-decl nil criteria nil)) 206 180 nil nil)))
$$$in_circle_vert.pvs
% Theorems concluding separation?(...) for an escape velocity ve and a
% recovery velocity vr whose z components are given by explicit formulas.
% hor_sep?, separation? and the constant H (a posreal) are declared in
% criteria; pred_sep?, vertical_change? and THETA are declared in common_defs.
% Their definitions are not repeated in this theory.
%
% NOTE(review): each conclusion holds only under the listed hypotheses. The
% hypotheses tagged TEST CONDITION / POST COMPUTATION TEST in vert_in_circle
% are presumably checks the implementation has to perform before relying on
% the computed ve/vr -- confirm against the algorithm theory.
in_circle_vert: THEORY
BEGIN

  IMPORTING criteria, common_defs

  l,r,b,c : VAR real
  a : VAR nonzero_real

  so : VAR Vect3 % Ownship position
  vo : VAR Vect3 % Ownship velocity
  tt : VAR real % Target time
  st : VAR Vect3 % Target position
  si : VAR Vect3 % Intruder position
  vi : VAR Vect3 % Intruder velocity
  te : VAR real % Escape time
  voe : VAR Vect3 % Escape velocity
  tr : VAR real % Recovery time
  vor : VAR Vect3 % Recovery velocity
  s : VAR Vect3 % Relative ownship position
  v : VAR Vect3 % Relative ownship velocity
  ve : VAR Vect3 % Relative escape velocity
  vr : VAR Vect3 % Relative recovery velocity
  sr : VAR Vect3 % Relative final position

  eps, epsp : VAR Sign
  p, vop : VAR Vect3
  t, t1, t2, t3 : VAR real
  v1, v2 : VAR Vect3

  % Escape leg: under the hypotheses below, separation?(s,ve) holds.
  % vr`z divides by (te-tr) and ve`z divides by te; the hypotheses te < tr and
  % 0 < te keep both divisors nonzero.
  % NOTE(review): "0 < te" appears twice in the hypothesis list. The saved
  % proof addresses sequent formulas by number (e.g. (hide -1 -3 -4 -5 -6 -7)),
  % so dropping the duplicate may require re-running or repairing the proof.
  vert_in_circle_escape: THEOREM
    hor_sep?(s) AND
    NOT pred_sep?(s,v,tr) AND
    vertical_change?(v+vi,ve+vi) AND
    vertical_change?(ve+vi,vr+vi) AND
    0 < te AND
    tr > 0 AND % FOR TCC
    te = THETA(s, v, -1) AND
    0 < te AND
    te < tr AND
    sr = s + tr*v AND
    vr`z = (sign(sr`z)*H - sr`z)/(te-tr) AND
    ve`z = (tr*v`z - (tr - te)*vr`z)/te AND
    abs(sr`z) >= H
  IMPLIES
    separation?(s,ve)

  % Alternative escape statement: ve`z is given directly in terms of eps, H,
  % s`z and THETA(s, v, -1); te and vr`z do not appear in its formula.
  % The divisor THETA(s, v, -1) is positive by the hypothesis
  % 0 < THETA(s, v, -1).
  vert_in_circle_escape_alt: THEOREM
    hor_sep?(s) AND
    NOT pred_sep?(s,v,tr) AND
    vertical_change?(v+vi,ve+vi) AND
    vertical_change?(ve+vi,vr+vi) AND
    tr > 0 AND % FOR TCC
    0 < THETA(s, v, -1) AND
    THETA(s,v, -1) < tr AND
    sr = s + tr*v AND
    ve`z = (eps*H - s`z)/THETA(s, v, -1) AND % RWB ALTERNATIVE
    eps*s`z < H % RWB ALTERNATIVE
  IMPLIES
    separation?(s,ve)

  % Recovery leg: same hypotheses as vert_in_circle_escape (without the
  % duplicated "0 < te"); the conclusion is stated from the position s+te*ve
  % reached after flying ve for time te, with velocity vr.
  vert_in_circle_rec: THEOREM
    hor_sep?(s) AND
    NOT pred_sep?(s,v,tr) AND
    vertical_change?(v+vi,ve+vi) AND
    vertical_change?(ve+vi,vr+vi) AND
    tr > 0 AND % FOR TCC
    te = THETA(s, v, -1) AND
    0 < te AND
    te < tr AND
    sr = s + tr*v AND
    vr`z = (sign(sr`z)*H - sr`z)/(te-tr) AND
    ve`z = (tr*v`z - (tr - te)*vr`z)/te AND
    abs(sr`z) >= H
  IMPLIES
    separation?(s+te*ve,vr)

  % Combined statement: the conclusion is the conjunction of the conclusions of
  % vert_in_circle_escape and vert_in_circle_rec. There are no
  % vertical_change? hypotheses here; instead the x and y components of ve and
  % vr are required to equal those of v, so only the z components differ.
  vert_in_circle: THEOREM
    hor_sep?(s) AND
    NOT pred_sep?(s,v,tr) AND
    tr > 0 AND % FOR TCC
    sr = s + tr*v AND
    abs(sr`z) >= H AND % TEST CONDITION
    0 < te AND % POST COMPUTATION TEST
    te < tr AND % POST COMPUTATION TEST
    te = THETA(s, v, -1) AND % COMPUTED VALUES
    vr`z = (sign(sr`z)*H - sr`z)/(te-tr) AND
    ve`z = (tr*v`z - (tr - te)*vr`z)/te AND
    ve`x = v`x AND
    ve`y = v`y AND
    vr`x = v`x AND
    vr`y = v`y
  IMPLIES
    separation?(s,ve) AND
    separation?(s+te*ve,vr)

END in_circle_vert
$$$in_circle_vert.prf
(in_circle_vert (vert_in_circle_escape_TCC1 0 (vert_in_circle_escape_TCC1-1 nil 3287830558 3288112734 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 34 30 nil nil)) (vert_in_circle_escape_TCC2 0 (vert_in_circle_escape_TCC2-1 nil 3287830558 3288112734 ("" (skosimp*) (("" (assert) nil nil)) nil) proved nil 73 70 nil nil)) (vert_in_circle_escape_TCC3 0 (vert_in_circle_escape_TCC3-1 nil 3287830558 3288112738 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred
const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (vertical_change? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil) (/= const-decl "boolean" notequal nil)) 4182 3970 nil nil)) (vert_in_circle_escape 0 (vert_in_circle_escape-1 nil 3287830558 3288112747 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) (("" (expand "vertical_change?" -3) (("" (expand "+ " -3) (("" (flatten) (("" (lemma "separation_lem") (("" (inst - "s!1" "te!1" "ve!1") (("" (assert) (("" (hide 3) (("" (lemma "ccc") (("" (inst - "s!1 + te!1*ve!1" "ve!1") (("" (assert) (("" (hide 2) (("" (case "s!1`z + ve!1`z * te!1 = sign(sr!1`z)*H ") (("1" (split +) (("1" (hide-all-but (-1 1)) (("1" (expand "+ ") (("1" (expand "*") (("1" (replace -1) (("1" (hide -1) (("1" (grind) nil nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (hide 2) (("2" (lemma "entry_it_is") (("2" (inst?) (("2" (assert) (("2" (prop) (("1" (hide-all-but (-1 -5 -6 1)) (("1" (grind :exclude "THETA") nil nil)) nil) ("2" (hide -1 -3 -4 -5 -6 -7) (("2" (expand "+ ") (("2" (expand "*") (("2" (mult-by -1 "ve!1`z") (("2" (assert) (("2" (replace -1) (("2" (hide -1) (("2" (div-by 1 "H") (("2" (case "sr!1`z >= 0") (("1" (expand "abs") (("1" (assert) (("1" (expand "sign") (("1" (hide -1) (("1" (replaces -8) (("1" (mult-by 1 "te!1") (("1" (cross-mult -7) (("1" (replaces -7) (("1" (real-props 1) (("1" (replaces -6 1) (("1" (beta) (("1" (assert) (("1" (lemma "vert_pred") (("1" (inst?) (("1" (inst?) 
(("1" (split -1) (("1" (propax) nil nil) ("2" (ground) nil nil) ("3" (ground) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (expand "sign") (("2" (expand "abs") (("2" (assert) (("2" (neg-formula 2) (("2" (replaces -8) (("2" (mult-by 2 "te!1") (("2" (field -7) (("2" (hide -2) (("2" (replaces -1) (("2" (replaces -6 2) (("2" (beta) (("2" (assert) (("2" (real-props 1) (("2" (case-replace "((-(s!1`z + tr!1 * v!1`z) - H) + tr!1 * v!1`z) = -s!1`z - H") (("1" (lemma "vert_pred") (("1" (inst?) (("1" (inst -1 "sr!1") (("1" (split -1) (("1" (propax) nil nil) ("2" (assert) nil nil) ("3" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide 2) (("2" (hide -1 -2 -3 -4 -5 -7 2) (("2" (cross-mult -6) (("2" (hide -6) (("2" (expand "+ ") (("2" (expand "*") (("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (+ const-decl "Vect3" Vectors nil) (separation_lem formula-decl nil criteria nil) (ccc formula-decl nil criteria nil) (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (sign const-decl "Sign" sign nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" 
rationals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (entry_it_is formula-decl nil common_defs nil) (both_sides_times_pos_ge1 formula-decl nil real_props nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (div_cancel2 formula-decl nil real_props nil) (vert_pred formula-decl nil common_defs nil) (zero_div formula-decl nil extra_tegies "Field/") (zero_times1 formula-decl nil real_props nil) (div_cancel4 formula-decl nil extra_real_props "Manip/") (both_sides_times_neg_ge1 formula-decl nil real_props nil) (<= const-decl "bool" reals nil) (nonpos_real nonempty-type-eq-decl nil real_types nil) (< const-decl "bool" reals nil) (negreal nonempty-type-eq-decl nil real_types nil) (zero_is_neg_zero formula-decl nil real_props nil) (mult_neg formula-decl nil extra_tegies "Field/") (one_times formula-decl nil extra_tegies "Field/") (neg_mult formula-decl nil extra_tegies "Field/") (neg_neg formula-decl nil extra_tegies "Field/") (X1__ skolem-const-decl "real" in_circle_vert nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (/= const-decl "boolean" notequal nil) (times_div_cancel2 formula-decl nil extra_real_props "Manip/") (both_sides_div_pos_ge1 formula-decl nil real_props nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (sq const-decl "nonneg_real" sq "reals/") (on_cyl? const-decl "bool" criteria nil) (entry? const-decl "bool" criteria nil) (entry_point? const-decl "bool" criteria nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (* const-decl "Vect3" Vectors nil) (vertical_change? 
const-decl "bool" common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 8607 6030 t nil)) (vert_in_circle_escape_alt_TCC1 0 (vert_in_circle_escape_alt_TCC1-1 nil 3287830558 3288112747 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 42 30 nil nil)) (vert_in_circle_escape_alt_TCC2 0 (vert_in_circle_escape_alt_TCC2-1 nil 3287830558 3288112750 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (vertical_change? 
const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil)) 2889 2800 nil nil)) (vert_in_circle_escape_alt 0 (vert_in_circle_escape_alt-1 nil 3287830558 3288112753 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) (("" (expand "vertical_change?" -3) (("" (expand "+ " -3) (("" (flatten) (("" (lemma "separation_lem") (("" (inst - "s!1" "THETA(s!1, v!1, -1)" "ve!1") (("" (assert) (("" (hide 3) (("" (lemma "ccc") (("" (inst - "s!1 + THETA(s!1, v!1, -1)*ve!1" "ve!1") (("" (assert) (("" (hide 2) (("" (split +) (("1" (hide-all-but (-1 -10 1)) (("1" (mult-by -2 "THETA(s!1, v!1, -1)") (("1" (typepred "eps!1") (("1" (grind :exclude "THETA") nil nil)) nil)) nil)) nil) ("2" (flatten) (("2" (hide 2) (("2" (lemma "entry_it_is") (("2" (inst?) (("2" (assert) (("2" (prop) (("1" (hide-all-but (-1 -5 -4 1)) (("1" (grind :exclude "THETA") nil nil)) nil) ("2" (hide-all-but (1 -2 -11 -7 -8)) (("2" (mult-by -4 "THETA(s!1, v!1, -1)") (("2" (expand "+ ") (("2" (expand "*") (("2" (mult-by -1 "ve!1`z") (("2" (replace -1) (("2" (assert) (("2" (hide -1) (("2" (reveal -3) (("2" (lemma "pos_div_gt") (("2" (inst?) 
(("2" (assert) (("2" (replace -2 * rl) (("2" (hide -2) (("2" (reveal -13) (("2" (typepred "eps!1") (("2" (grind :exclude "THETA") (("1" (typepred "H") (("1" (mult-ineq -2 -5) (("1" (assert) nil nil)) nil)) nil) ("2" (case "ve!1`z <= 0") (("1" (mult-ineq -3 -1 (+ -)) (("1" (assert) nil nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (+ const-decl "Vect3" Vectors nil) (separation_lem formula-decl nil criteria nil) (ccc formula-decl nil criteria nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (H const-decl "posreal" criteria nil) (posreal nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (>= const-decl "bool" reals nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/= const-decl "boolean" notequal nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (NOT const-decl "[bool -> bool]" booleans nil) (entry_point? const-decl "bool" criteria nil) (entry? const-decl "bool" criteria nil) (on_cyl? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (pos_div_gt formula-decl nil real_props nil) (<= const-decl "bool" reals nil) (lt_times_lt_any1 formula-decl nil extra_real_props "Manip/") (< const-decl "bool" reals nil) (gt_times_gt_any1 formula-decl nil extra_real_props "Manip/") (hor_speed_gt_0? 
const-decl "bool" criteria nil) (disc const-decl "real" common_defs nil) (nonzero_real nonempty-type-eq-decl nil reals nil) (div_cancel2 formula-decl nil real_props nil) (entry_it_is formula-decl nil common_defs nil) (* const-decl "Vect3" Vectors nil) (THETA const-decl "real" common_defs nil) (Sign type-eq-decl nil sign nil) (- const-decl "[numfield -> numfield]" number_fields nil) (numfield nonempty-type-eq-decl nil number_fields nil) (= const-decl "[T, T -> boolean]" equalities nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (int nonempty-type-eq-decl nil integers nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (rational nonempty-type-from-decl nil rationals nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (clash_type type-eq-decl nil common_defs nil) (THETA_defined? const-decl "bool" common_defs nil) (bool nonempty-type-eq-decl nil booleans nil) (vertical_change? const-decl "bool" common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 3213 3100 t nil)) (vert_in_circle_rec 0 (vert_in_circle_rec-1 nil 3287830558 3288116112 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) (("" (field -10) (("" (field -12) (("" (assert) (("" (flatten) (("" (hide 1 2) (("" (case-replace "s!1 + te!1 * ve!1 = sr!1 - (tr!1 - te!1)*vr!1") (("1" (hide -1) (("1" (lemma "ccc") (("1" (inst?) 
(("1" (assert) (("1" (hide 3) (("1" (split +) (("1" (expand "-") (("1" (expand "*") (("1" (replace -2) (("1" (move-terms -2 r 2) (("1" (expand "+ ") (("1" (replace -2) (("1" (hide-all-but 1) (("1" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (flatten) (("2" (hide 2) (("2" (split +) (("1" (lemma "entry_it_is") (("1" (inst?) (("1" (assert) (("1" (hide-all-but (-1 -6 -7 -9 -12 1)) (("1" (replace -4 * rl) (("1" (hide -4) (("1" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (assert) (("2" (hide -3 -4 -5 -6 -7 2) (("2" (expand "-") (("2" (expand "*") (("2" (expand "+ ") (("2" (assert) (("2" (replace -2) (("2" (mult-by -2 "vr!1`z") (("2" (assert) (("2" (move-terms -1 l 2) (("2" (replace -1) (("2" (hide -1) (("2" (assert) (("2" (reveal -3) (("2" (replace -6) (("2" (assert) (("2" (hide -6) (("2" (move-terms -1 r (2 3)) (("2" (assert) (("2" (expand "sign") (("2" (lift-if) (("2" (ground) (("1" (hide -3 -4) (("1" (expand "abs") (("1" (assert) (("1" (case "(te!1 -tr!1)*vr!1`z <= 0") (("1" (mult-cases -1) (("1" (mult-by -1 "H") (("1" (assert) nil nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil) ("2" (expand "abs") (("2" (hide 2) (("2" (assert) (("2" (case-replace "s!1`z + tr!1 * v!1`z = 0") (("1" (assert) nil nil) ("2" (assert) (("2" (case "(te!1 -tr!1)*vr!1`z >= 0") (("1" (mult-cases -1) (("1" (mult-by -1 "H") (("1" (assert) nil nil)) nil)) nil) ("2" (assert) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (hide-all-but (-1 -2 -11 -5 -6 1)) (("2" (grind) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (+ const-decl "[numfield, numfield -> numfield]" number_fields nil) (X7__ skolem-const-decl "real" in_circle_vert nil) (- const-decl "Vect3" Vectors nil) (* 
const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (ccc formula-decl nil criteria nil) (abs const-decl "{n: nonneg_real | n >= m}" real_defs nil) (pos_times_ge formula-decl nil real_props nil) (both_sides_times_pos_ge1_imp formula-decl nil extra_real_props "Manip/") (neg_times_le formula-decl nil real_props nil) (both_sides_times_pos_le1_imp formula-decl nil extra_real_props "Manip/") (<= const-decl "bool" reals nil) (entry_it_is formula-decl nil common_defs nil) (vertical_change? const-decl "bool" common_defs nil) (entry_point? const-decl "bool" criteria nil) (entry? const-decl "bool" criteria nil) (on_cyl? const-decl "bool" criteria nil) (sq const-decl "nonneg_real" sq "reals/") (X5__ skolem-const-decl "real" in_circle_vert nil) (nznum nonempty-type-eq-decl nil number_fields nil) (/ const-decl "[numfield, nznum -> numfield]" number_fields nil) (* const-decl "[numfield, numfield -> numfield]" number_fields nil) (rational_pred const-decl "[real -> boolean]" rationals nil) (rational nonempty-type-from-decl nil rationals nil) (integer_pred const-decl "[rational -> boolean]" integers nil) (int nonempty-type-eq-decl nil integers nil) (bool nonempty-type-eq-decl nil booleans nil) (OR const-decl "[bool, bool -> bool]" booleans nil) (- const-decl "[numfield -> numfield]" number_fields nil) (Sign type-eq-decl nil sign nil) (sign const-decl "Sign" sign nil) (>= const-decl "bool" reals nil) (nonneg_real nonempty-type-eq-decl nil real_types nil) (> const-decl "bool" reals nil) (posreal nonempty-type-eq-decl nil real_types nil) (H const-decl "posreal" criteria nil) (both_sides_times1_imp formula-decl nil extra_real_props "Manip/") (/= const-decl "boolean" notequal nil) (= const-decl "[T, T -> boolean]" equalities nil) (numfield nonempty-type-eq-decl nil number_fields nil) (- const-decl "[numfield, numfield -> numfield]" number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) 
(number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 2584757 443260 t nil)) (vert_in_circle_TCC1 0 (vert_in_circle_TCC1-1 nil 3287830558 3288112765 ("" (skosimp*) (("" (lemma "exploit_pred_conflict") (("" (inst?) (("" (assert) nil nil)) nil)) nil)) nil) proved ((exploit_pred_conflict formula-decl nil common_defs nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (number_field nonempty-type-from-decl nil number_fields nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (boolean nonempty-type-decl nil booleans nil) (number nonempty-type-decl nil numbers nil) (Vect3 type-eq-decl nil Vectors nil) (real nonempty-type-from-decl nil reals nil)) 61 40 nil nil)) (vert_in_circle_TCC2 0 (vert_in_circle_TCC2-1 nil 3287830558 3288112768 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? 
const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil) (/= const-decl "boolean" notequal nil)) 3753 3640 nil nil)) (vert_in_circle_TCC3 0 (vert_in_circle_TCC3-1 nil 3287830558 3288112771 ("" (subtype-tcc) nil nil) proved ((boolean nonempty-type-decl nil booleans nil) (bool nonempty-type-eq-decl nil booleans nil) (NOT const-decl "[bool -> bool]" booleans nil) (number nonempty-type-decl nil numbers nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (sq const-decl "nonneg_real" sq "reals/") (hor_sep? const-decl "bool" criteria nil) (* const-decl "Vect3" Vectors nil) (+ const-decl "Vect3" Vectors nil) (vert_sep? const-decl "bool" criteria nil) (pred_sep? const-decl "bool" common_defs nil) (disc const-decl "real" common_defs nil) (THETA const-decl "real" common_defs nil) (/= const-decl "boolean" notequal nil)) 2681 2630 nil nil)) (vert_in_circle 0 (vert_in_circle-1 nil 3287830558 3288112772 ("" (skosimp*) (("" (prop) (("1" (lemma "vert_in_circle_escape") (("1" (inst?) (("1" (inst?) (("1" (inst?) (("1" (assert) (("1" (hide 2 3) (("1" (expand "vertical_change?") (("1" (expand "+ ") (("1" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) ("2" (lemma "vert_in_circle_rec") (("2" (inst?) (("2" (inst?) (("2" (inst?) 
(("2" (assert) (("2" (hide 2 3) (("2" (expand "vertical_change?") (("2" (expand "+ ") (("2" (propax) nil nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil)) nil) proved ((number nonempty-type-decl nil numbers nil) (boolean nonempty-type-decl nil booleans nil) (number_field_pred const-decl "[number -> boolean]" number_fields nil) (number_field nonempty-type-from-decl nil number_fields nil) (real_pred const-decl "[number_field -> boolean]" reals nil) (real nonempty-type-from-decl nil reals nil) (Vect3 type-eq-decl nil Vectors nil) (+ const-decl "Vect3" Vectors nil) (vertical_change? const-decl "bool" common_defs nil) (vert_in_circle_escape formula-decl nil in_circle_vert nil) (vert_in_circle_rec formula-decl nil in_circle_vert nil)) 537 530 nil nil))) $$$vertical_only.pvs vertical_only: THEORY BEGIN IMPORTING in_circle_vert, out_circle_vert, one_circle_vert, vert_only_algo, vert_only_prop END vertical_only $$$top.pvs top: THEORY %---------------------------------------------------------------------------- % % Formal Verification of RR3D % --------------------------- % % For conflict detection purposes, aircraft are assumed to be surrounded % by an avoidance region, which is typically a cylinder of diameter 5 % nautical miles and height 1000 feet. Two aircraft are said to be in % conflict when their avoidance regions overlap. We take an % alternative, but equivalent view, where aircraft are surrounded by % protected zones twice as big as the individual avoidance regions. In % this view, a conflict is the incursion of one aircraft in the % protected zone of another one. % % The ownship's initial position (i.e., its position at time t = 0) is % given by the vector s_o = (s_ox, s_oy, s_oz). The ownship's original % velocity vector is given by v_o = (v_ox, v_oy, v_oz). Likewise the % intruder's initial position, s_i, and the intruder's velocity vector, % v_i, are given. It is convenient to consider the ownship's motion % relative to the intruder. 
For this purpose, we introduce a relative % coordinate system where the intruder's position is at the origin, and % we consider the relative position vector s = (s_x, s_y, s_z) = s_o - % s_i and the relative velocity vector v = (v_x, v_y, v_z) = v_o - v_i. % % Inputs: % % * Initial relative ownship's position s. % * Absolute velocity vectors v_o, v_i of ownship and intruder aircraft, % respectively. The relative velocity vector is given by v=v_o-v_i. % * Required Time of Arrival (RTA) or target time t'' > 0, % which determines the target point % % Assumptions: % % * Courses, i.e., trajectories between way-points, are line % segments. Hence, courses are described by a position, a % velocity vector, and a time interval. Moreover, we assume that % changes of course or speed are implemented in zero time by an aircraft. % * Absolute ground speeds are not zero, i.e., v_ox^2 + v_oy^2 % /= 0 and v_ix^2 + v_iy^2 /= 0. % * Neither at initial time nor at target time are the aircraft in % conflict, i.e., s, s'' not in P. % * The ownship is not at the boundary of the intruder's protected zone % at the initial time or at target time. % * The aircraft are in predicted conflict before t''. % % % Outputs: A list of maneuvers, each one a triple (t',v_o',v_o''), composed of % % * A time of switch t' such that 0 < t' < t''. % * An escape velocity vector v_o' that determines a conflict-free escape % course for the ownship % * A recovery velocity vector v_o'' that determines a % conflict-free and on-time recovery course for the ownship. % % % Authors: J. Maddalon, R. Butler, A. Geser, and C. Munoz % % Version 1.0 February 2003 % % See http://techreports.larc.nasa.gov/ltrs/refer/2004/tp % /NASA-2004-tp213015.refer.html %---------------------------------------------------------------------------- BEGIN IMPORTING vertical_only, ground_speed_only, heading_only, rr3d_algo, rr3d_prop END top